CSEC_PUBLIC/hayabusa
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
2e3b4a08ba220b4a823be9105f96b51be2b730a2
hayabusa/test_files/rules/yaml/exclude5.yml
DustInDark 91a89a42ad fixed test
2022-06-22 00:21:58 +09:00

24 lines
514 B
YAML
Raw Blame History

title: Excluded Rule 5
date: 2019/04/18
detection:
SELECTION_1:
EventID: 4720
condition: SELECTION_1
falsepositives:
- Domain Controller Logs
- Local accounts managed by privileged account management tools
fields:
- EventCode
- AccountName
- AccountDomain
id: 00000000-0000-0000-0000-000000000000
level: low
logsource:
product: windows
service: security
modified: 2020/08/23
references:
- https://patrick-bareiss.com/detecting-local-user-creation-in-ad-with-sigma/
status: experimental
ruletype: SIGMA
Reference in New Issue View Git Blame Copy Permalink