mirror of
https://github.com/valitydev/SigmaHQ.git
synced 2024-11-08 18:23:52 +00:00
# Sigma field-mapping configuration: each key is a field name as written in
# Sigma rules, each value is the field (or list of fields) it is translated to
# in the target log schema. The target product is not named in this file.
fieldmappings:
  # Network endpoints. Both spellings of each side map to the same target field.
  # NOTE(review): this equates destination with "remote" and source with
  # "local". That presumably holds for outbound connections only; confirm how
  # the target schema defines local/remote for inbound traffic, otherwise
  # rules keyed on src/dst may be evaluated against the wrong endpoint.
  dst:
    - network.remote.address.ip
  dst_ip:
    - network.remote.address.ip
  src:
    - network.local.address.ip
  src_ip:
    - network.local.address.ip

  # One rule field mapped to two target fields.
  # NOTE(review): presumably the converter matches the value against either
  # listed field; confirm for the converter in use. Only MD5 and SHA-256 are
  # listed, so rule values in another hash format have no field to match.
  file_hash:
    - file.hash.md5
    - file.hash.sha256

  # Three distinct Windows event fields are collapsed into process.name, so
  # converted queries can no longer tell them apart.
  # NOTE(review): NewProcessName and ServiceFileName typically carry a full
  # image path, and ServiceName is a service name rather than a process name;
  # verify that process.name holds comparable values, or rules using these
  # fields may silently fail to match.
  NewProcessName: process.name
  ServiceName: process.name
  ServiceFileName: process.name

  # Registry key/value path used by registry-event rules.
  TargetObject: registry.path