Feature/#140 document (#144)

* update

* fix regexes and whitelist

* under construction

* fix

* update

* add pic

* update

* update

* update

* fix
This commit is contained in:
James
2021-10-22 00:43:40 +09:00
committed by GitHub
parent 23c60fa8ff
commit 4a1e46e47e
38 changed files with 502 additions and 241 deletions
-3
@@ -1,8 +1,6 @@
title: Sysmon Check command lines
description: hogehoge
author: Yea
logsource:
product: windows
detection:
selection:
Channel: Sysmon
@@ -11,7 +9,6 @@ detection:
# condition: selection
falsepositives:
- unknown
level: medium
output: 'CommandLine=%CommandLine%¥nParentImage=%ParentImage%'
creation_date: 2020/11/8
uodated_date: 2020/11/8
-3
@@ -1,8 +1,6 @@
title: Check for unsigned EXEs/DLLs
description: hogehoge
author: Yea
logsource:
product: windows
detection:
selection:
Channel: Sysmon
@@ -11,7 +9,6 @@ detection:
# condition: selection
falsepositives:
- unknown
level: low
output: 'Message: Unsigned Image(DLL)¥n Result : Loaded by: %event_data.Image%¥nCommand : %event_data.ImageLoaded%'
creation_date: 2020/11/8
uodated_date: 2020/11/8