CSEC_PUBLIC/hayabusa
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
097b04500e6bde65a879d198db140f72a2f5b7f9
hayabusa/rules/deep_blue_cli/security/4673.yml
James 4a1e46e47e Feature/#140 document (#144) 
* update

* fix regexes and whitelist

* underconstructing

* fix

* update

* add pic

* update

* update

* update

* fix
2021-10-22 00:43:40 +09:00

17 lines
482 B
YAML
Raw Blame History

title: Sensitive Privilede Use (Mimikatz)
description: hogehoge
author: Yea
detection:
selection:
Channel: Security
EventID: 4673
# condition: selection | count(EventID) > 4
falsepositives:
- unknown
output: |
Sensitive Privilege Use Exceeds Threshold
Potentially indicative of Mimikatz, multiple sensitive priviledge calls have been made.
UserName:%SubjectUserName% Domain Name:%DomainName%
creation_date: 2020/11/8
updated_date: 2020/11/8
Reference in New Issue View Git Blame Copy Permalink