CSEC_PUBLIC/WELA
1
0
Fork 0
mirror of https://github.com/Yamato-Security/WELA.git synced 2025-12-06 17:22:50 +01:00
Code Issues Packages Projects Releases Wiki Activity

Sigma Rule Update (2025-09-26 20:14:44) (#97)

Browse Source 
Co-authored-by: YamatoSecurity <YamatoSecurity@users.noreply.github.com>
This commit is contained in:
github-actions[bot]
2025-09-26 20:14:51 +00:00
committed by GitHub
parent b6faf82acc
commit cc910b5314
1 changed files with 17 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
config/security_rules.json
View File

@@ -14347,6 +14347,23 @@
], ],
"title": "Harvesting Of Wifi Credentials Via Netsh.EXE" "title": "Harvesting Of Wifi Credentials Via Netsh.EXE"
}, },
{
"category": "process_creation",
"channel": [
"sec"
],
"description": "Detects attempts to freeze a process likely an EDR or an antimalware service process through EDR-Freeze that abuses the WerFaultSecure.exe process to suspend security software.\n",
"event_ids": [
"4688"
],
"id": "4bf1a6ac-2f14-c4e7-4339-5a28683aa92f",
"level": "high",
"service": "",
"subcategory_guids": [
"0CCE922B-69AE-11D9-BED3-505054503030"
],
"title": "Suspicious Process Suspension via WERFaultSecure through EDR-Freeze"
},
{ {
"category": "process_creation", "category": "process_creation",
"channel": [ "channel": [