DustInDark
2022-06-20 13:49:18 +09:00
parent 158a1e34ed
commit 283c27c336
2 changed files with 4 additions and 4 deletions

@@ -1,5 +1,5 @@
Provider, EID, Details
Microsoft-Windows-PowerShell/Operational, 4104, %ScriptBlockText%
Microsoft-Windows-PowerShell, 4104, %ScriptBlockText%
Microsoft-Windows-Security-Auditing, 4624, User: %TargetUserName% | Comp: %WorkstationName% | IP Addr: %IpAddress% | LID: %TargetLogonId% | Process: %ProcessName%
Microsoft-Windows-Sysmon/Operational, 1, Cmd: %CommandLine% | Process: %Image% | User: %User% | Parent Cmd: %ParentCommandLine% | LID: %LogonId% | PID: %ProcessId% | PGUID: %ProcessGuid%
Microsoft-Windows-Sysmon, 1, Cmd: %CommandLine% | Process: %Image% | User: %User% | Parent Cmd: %ParentCommandLine% | LID: %LogonId% | PID: %ProcessId% | PGUID: %ProcessGuid%
Service Control Manager, 7031, Svc: %param1% | Crash Count: %param2% | Action: %param5%
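
Review bot: nothing in this file says whether the Provider column takes the event's provider name or its channel, and the PowerShell 4104 and Sysmon 1 rows show both forms (`Microsoft-Windows-PowerShell/Operational` against `Microsoft-Windows-PowerShell`, and the same for Sysmon). Suggest documenting the expected form next to the `Provider, EID, Details` header or in the README so new rows do not repeat the `/Operational` entries. It is also worth confirming that the untouched rows (`Microsoft-Windows-Security-Auditing`, `Service Control Manager`) match the provider string as it appears in the event, since a mismatch would leave the Details template for that row unused.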