dataneeded DN_0005_windows_service_insatalled_7045 added

2024-11-06 17:45:23 +00:00 · 2018-12-25 05:57:23 +01:00 · 2018-12-25 05:57:23 +01:00 · 6227c1b9b2
commit 6227c1b9b2
parent 6a138efa5c
1 changed files with 47 additions and 0 deletions
--- a/dataneeded/DN_0005_windows_service_insatalled_7045.yml
+++ b/dataneeded/DN_0005_windows_service_insatalled_7045.yml
@ -0,0 +1,47 @@
+title: DN_0005_windows_service_insatalled_7045
+description: >
+  A service was installed in the system.
+loggingpolicy: None
+references: None
+platform: Windows
+type: Windows Log
+channel: System
+provider: "Service Control Manager"
+fields:
+  - EventID
+  - ProcessID
+  - ThreadID
+  - ServiceName
+  - ImagePath
+  - ServiceFileName     # redundant, inconsistent
+  - ServiceType
+  - StartType
+  - AccountName
+  - UserSid
+  - Computer
+sample: |
+  - <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
+    - <System>
+      <Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" /> 
+      <EventID Qualifiers="16384">7045</EventID> 
+      <Version>0</Version> 
+      <Level>4</Level> 
+      <Task>0</Task> 
+      <Opcode>0</Opcode> 
+      <Keywords>0x8080000000000000</Keywords> 
+      <TimeCreated SystemTime="2017-07-02T15:48:56.256752900Z" /> 
+      <EventRecordID>762</EventRecordID> 
+      <Correlation /> 
+      <Execution ProcessID="568" ThreadID="1792" /> 
+      <Channel>System</Channel> 
+      <Computer>DESKTOP</Computer> 
+      <Security UserID="S-1-5-21-2073602604-586167410-2329295167-1001" /> 
+      </System>
+    - <EventData>
+      <Data Name="ServiceName">sshd</Data> 
+      <Data Name="ImagePath">C:\Program Files\OpenSSH\sshd.exe</Data> 
+      <Data Name="ServiceType">user mode service</Data> 
+      <Data Name="StartType">demand start</Data> 
+      <Data Name="AccountName">LocalSystem</Data> 
+    </EventData>
+  </Event>