# Customer record: ties one customer to the data sources, logging policies
# and detection rules listed below. Entries are references by name; nothing
# in this file defines them.
# NOTE(review): presumably each reference must match the title of an entity
# defined elsewhere in the repository. Confirm how the consumer treats a
# name that matches nothing, since a silently skipped entry would overstate
# this customer's coverage.
title: CU_0001_TESTCUSTOMER
customer_name: TESTCUSTOMER
# Folded scalar: line breaks inside the text become spaces. Plain `>` keeps
# one trailing newline on the value.
description: >
  Some text description here. It will be merged into one line.
# Data sources referenced for this customer. All three names point at
# process-creation telemetry (Windows event 4688, with and without command
# line, and Sysmon event 1).
dataneeded:
- DN_0001_4688_windows_process_creation
- DN_0002_4688_windows_process_creation_with_commandline
- DN_0003_1_windows_sysmon_process_creation
# Logging policies referenced for this customer. The names mirror the
# dataneeded entries above.
# NOTE(review): listing a policy here does not show that it is applied on
# the customer's hosts; verify that command-line auditing and Sysmon are
# actually deployed before relying on rules that need them.
loggingpolicy:
- LP_0001_windows_audit_process_creation
- LP_0002_windows_audit_process_creation_with_commandline
- LP_0003_windows_sysmon_process_creation
# Detection rules referenced by free-text title rather than by a prefixed
# identifier, so spelling, case and spacing presumably have to match the
# rule's own title exactly (confirm against the consumer). A title that
# contains ": " or " #" would have to be quoted to stay a single string.
detectionrule:
- SquiblyTwo
- Cmdkey Cached Credentials Recon
- CMSTP UAC Bypass via COM Object Access
- CMSTP Execution
- Exploit for CVE-2015-1641
- Exploit for CVE-2017-0261
- Dridex Process Pattern