Update MITRE_TECHNIQUES_FROM_SYSMON_EVENT13.xml

2025-10-23 08:12:16 +00:00 · 2022-08-17 21:41:08 -05:00
parent b48a42788d
commit 56efceb779
1 changed files with 11 additions and 0 deletions
--- a/Windows_Sysmon/MITRE_TECHNIQUES_FROM_SYSMON_EVENT13.xml
+++ b/Windows_Sysmon/MITRE_TECHNIQUES_FROM_SYSMON_EVENT13.xml
@@ -438,5 +438,16 @@
 </mitre>
 <options>no_full_log</options>
 <group>sysmon_event_13,</group>
+</rule>
+  <!-- Sysmon - Event 13: PsExec Detection -->
+<rule id="112141" level="13">
+<if_sid>61615</if_sid>
+<field name="win.eventdata.TargetObject">\\\\PsExec\\\\EulaAccepted$</field>
+<description>Sysmon - Event 13: RegistryEvent PsExec EulaAccepted Detected</description>
+<mitre>
+<id>T1047</id>
+</mitre>
+<options>no_full_log</options>
+<group>sysmon_event_13,</group>
 </rule>
 </group>