Update MITRE_TECHNIQUES_FROM_SYSMON_EVENT13.xml

2025-11-03 21:33:16 +00:00 · 2022-08-17 21:41:08 -05:00
parent b48a42788d
commit 56efceb779
1 changed files with 11 additions and 0 deletions
--- a/Windows_Sysmon/MITRE_TECHNIQUES_FROM_SYSMON_EVENT13.xml
+++ b/Windows_Sysmon/MITRE_TECHNIQUES_FROM_SYSMON_EVENT13.xml
@@ -438,5 +438,16 @@
 </mitre>
 <options>no_full_log</options>
 <group>sysmon_event_13,</group>
 </rule>
  <!-- Sysmon - Event 13: PsExec Detection -->
 <rule id="112141" level="13">
 <if_sid>61615</if_sid>
 <field name="win.eventdata.TargetObject">\\\\PsExec\\\\EulaAccepted$</field>
 <description>Sysmon - Event 13: RegistryEvent PsExec EulaAccepted Detected</description>
 <mitre>
 <id>T1047</id>
 </mitre>
 <options>no_full_log</options>
 <group>sysmon_event_13,</group>
 </rule>
 </group>