atomic-threat-coverage/data_needed/DN_0038_400_windows_powershell_engine_lifecycle.yml

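# Data-needed descriptor for Windows PowerShell (classic log) Event ID 400.
# Consumed by the Atomic Threat Coverage tooling; `fields` is the list of
# attributes detection rules may reference from this event.
title: DN_0038_400_windows_powershell_engine_lifecycle
description: >
  Windows PowerShell (classic log) Event ID 400, written when the PowerShell
  engine changes state. In the sample below the transition is
  PreviousEngineState=None -> NewEngineState=Available, i.e. an engine start.
  The message carries the host process (HostApplication), HostVersion,
  EngineVersion and RunspaceId. The CommandName/ScriptName/CommandLine fields
  are empty for this transition, so the event tells you that a PowerShell
  engine was started and by which host process, not what it executed.
loggingpolicy:
# NOTE(review): engine lifecycle events in the classic "Windows PowerShell"
# log are believed to be written without any extra audit/GPO setting --
# confirm on a reference host before replacing this TODO.
- TODO
references:
- https://github.com/Cyb3rWard0g/OSSEM/blob/master/data_dictionaries/windows/powershell/events/event-400.md
category: OS Logs
platform: Windows
type: Applications and Services Logs
channel: Windows PowerShell
provider: PowerShell
fields:
# <System> section
- EventID
- Computer
- Hostname  # redundant with Computer; NOT the HostName= value of the message
# <EventData> message fields, exactly as they appear in the sample below.
# HostApplication, HostVersion and EngineVersion are the values a hunt for
# unexpected PowerShell host processes or engine versions would key on.
- NewEngineState
- PreviousEngineState
- SequenceNumber
- HostName  # PowerShell host name, e.g. "Windows PowerShell ISE Host"
- HostVersion
- HostId
- HostApplication  # full path of the host process that started the engine
- EngineVersion
- RunspaceId
- PipelineId
- CommandName
- CommandType
- ScriptName
- CommandPath
- CommandLine
# Event Viewer's "- " expand/collapse markers were removed from the copied
# XML so that the sample is well-formed and can be fed to an XML parser.
sample: |
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
  <Provider Name="PowerShell" />
  <EventID Qualifiers="0">400</EventID>
  <Level>4</Level>
  <Task>4</Task>
  <Keywords>0x80000000000000</Keywords>
  <TimeCreated SystemTime="2019-02-05T15:13:04.885878700Z" />
  <EventRecordID>50575</EventRecordID>
  <Channel>Windows PowerShell</Channel>
  <Computer>atc-win-10.atc.local</Computer>
  <Security />
  </System>
  <EventData>
  <Data>Available</Data>
  <Data>None</Data>
  <Data>NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=Windows PowerShell ISE Host HostVersion=5.1.17134.407 HostId=9478b487-c2ea-4aa8-8eb3-9b7bad25b39f HostApplication=C:\windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe EngineVersion=5.1.17134.407 RunspaceId=9f89fa00-ca26-402e-9dea-29c6d2447f7b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=</Data>
  </EventData>
  </Event>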