Skip to content

Commit

Permalink
Update rules/windows/process_creation/proc_creation_win_susp_eventlog…
Browse files Browse the repository at this point in the history 
…_content_recon.yml
  • Loading branch information
@nasbench
nasbench authored Nov 20, 2023
1 parent 89b79c5 commit 544c220
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion rules/windows/process_creation/proc_creation_win_susp_eventlog_content_recon.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ related:
type: derived
status: experimental
description: |
Detects execution of different log query utilities to search dump the content of specific event logs or look for specific event IDs.
Detects execution of different log query utilities to search and dump the content of specific event logs or look for specific event IDs.
references:
- http://blog.talosintelligence.com/2022/09/lazarus-three-rats.html
- https://thedfirreport.com/2023/10/30/netsupport-intrusion-results-in-domain-compromise/
Expand Down

0 comments on commit 544c220

Please sign in to comment.