CSEC_PUBLIC/hayabusa
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
a00a114101ab33eda2e75c9cf2ddab57cccea821
hayabusa/rules/sigma/builtin/win_audit_cve.yml
DustInDark 0cfa806baf Feature/addruletype to sigma rule#230 (#235) 
* added ruletype to SIGMA rule #230

* added ruletype to SIGMA rule converter tool #231
2021-11-28 18:14:51 +09:00

40 lines
1.0 KiB
YAML
Raw Blame History

title: Audit CVE Event
author: Florian Roth
date: 2020/01/15
description: Detects events generated by Windows to indicate the exploitation of a
known vulnerability (e.g. CVE-2020-0601)
detection:
SELECTION_1:
Provider_Name: Microsoft-Windows-Audit-CVE
condition: SELECTION_1
falsepositives:
- Unknown
id: 48d91a3a-2363-43ba-a456-ca71ac3da5c2
level: critical
logsource:
product: windows
service: application
modified: 2021/10/13
references:
- https://twitter.com/mattifestation/status/1217179698008068096
- https://twitter.com/VM_vivisector/status/1217190929330655232
- https://twitter.com/davisrichardg/status/1217517547576348673
- https://twitter.com/DidierStevens/status/1217533958096924676
- https://twitter.com/FlemmingRiis/status/1217147415482060800
status: experimental
tags:
- attack.execution
- attack.t1203
- attack.privilege_escalation
- attack.t1068
- attack.defense_evasion
- attack.t1211
- attack.credential_access
- attack.t1212
- attack.lateral_movement
- attack.t1210
- attack.impact
- attack.t1499.004
ruletype: SIGMA
Reference in New Issue View Git Blame Copy Permalink