hayabusa/test_files/rules/yaml/exclude3.yml
DustInDark 91a89a42ad fixed test
2022-06-22 00:21:58 +09:00


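# Sigma-format detection rule (ruletype: SIGMA) for the Windows Security log.
# It matches a user-account creation event whose new account name ends in '$'.
# Nesting under `detection` and `logsource` is restored here; with every key at
# column 0 the selections, the condition and the log source parse as unrelated
# top-level keys and the rule no longer describes a detection.
title: Excluded Rule 3
# Slash-separated, so YAML loaders keep this as a plain string, not a timestamp.
date: 2021/05/03
detection:
  # Event ID 4720 in the Security log: "A user account was created".
  SELECTION_1:
    EventID: 4720
  # Wildcard match on names ending in '$', the suffix conventionally carried by
  # computer accounts; a user account named this way blends in with them.
  # Quoted so the leading '*' is not read as a YAML alias.
  SELECTION_2:
    TargetUserName: '*$'
  # Both selections must match the same event.
  condition: (SELECTION_1 and SELECTION_2)
# NOTE(review): no benign sources are listed while level is `high`; triage
# guidance (e.g. expected provisioning tooling) would help analysts. Confirm.
falsepositives:
- unknown
# NOTE(review): these names differ from the fields matched under `detection`
# (EventID / TargetUserName); confirm they exist in the target log schema.
fields:
- EventCode
- AccountName
# All-zero UUID: looks like a test placeholder rather than a published rule id
# (the file sits under test_files/). Presumably keyed on by the exclusion
# tests; verify before reusing this rule elsewhere.
id: 00000000-0000-0000-0000-000000000000
level: high
logsource:
  product: windows
  service: security
references:
- https://twitter.com/SBousseaden/status/1387743867663958021
status: experimental
ruletype: SIGMA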