paulmataruso/main
1
0
Fork 0
mirror of https://github.com/socfortress/Wazuh-Rules.git synced 2025-11-03 13:23:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update 200200-osquery.xml

Browse Source
This commit is contained in:
taylor_socfortress
2022-12-30 11:00:25 -06:00
committed by GitHub
parent b4e473510e
commit 4cdc9485bd
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Osquery/200200-osquery.xml
View File

@@ -617,7 +617,7 @@
<!-- https://github.com/SigmaHQ/sigma/blob/master/rules/linux/auditd/lnx_auditd_user_discovery.yml -->
<rule id="200287" level="12">
<if_sid>200223</if_sid>
<field name="columns.cmdline">users|w|who</field>
<field name="columns.cmdline">^users$|^w$|^who$</field>
<description>Adversaries may use the information from System Owner/User Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.</description>
<options>no_full_log</options>
<mitre>