Skip to content

Commit

Permalink
Sigma Rule Update (2023-09-28 20:07:57) (#499)
Browse files Browse the repository at this point in the history 
Co-authored-by: hach1yon <hach1yon@users.noreply.github.com>
  • Loading branch information
@github-actions @hach1yon
github-actions[bot] and hach1yon authored Sep 28, 2023
1 parent 73149dc commit 549f9f1
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion sigma/sysmon/network_connection/net_connection_win_susp_epmap.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ references:
- https://github.com/RiccardoAncarani/TaskShell/
author: frack113, Tim Shelton (fps)
date: 2022/07/14
modified: 2023/09/01
modified: 2023/09/28
tags:
- attack.lateral_movement
- sysmon
Expand All @@ -30,6 +30,8 @@ detection:
Image: null
filter_image_null2:
Image: ''
filter_image_unknown:
Image: <unknown process>
condition: network_connection and (selection and not 1 of filter_*)
falsepositives:
- Unknown
Expand Down

0 comments on commit 549f9f1

Please sign in to comment.