CSEC_PUBLIC/hayabusa
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

added test files in default_details.txt

Browse Source
This commit is contained in:
DustInDark
2022-06-19 23:12:04 +09:00
parent 659b20ef12
commit aecdabe4fe
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
test_files/config/default_details.txt Normal file
View File

@@ -0,0 +1,5 @@
Provider, EID, Details
Microsoft-Windows-PowerShell/Operational, 4104, '%ScriptBlockText%'
Microsoft-Windows-Security-Auditing, 4624, 'User: %TargetUserName% | Comp: %WorkstationName% | IP Addr: %IpAddress% | LID: %TargetLogonId% | Process: %ProcessName%'
Microsoft-Windows-Sysmon/Operational, 1, 'Cmd: %CommandLine% | Process: %Image% | User: %User% | Parent Cmd: %ParentCommandLine% | LID: %LogonId% | PID: %ProcessId% | PGUID: %ProcessGuid%'
Service Control Manager, 7031, 'Svc: %param1% | Crash Count: %param2% | Action: %param5%'