paulmataruso/main
1
0
Fork 0
mirror of https://github.com/socfortress/Wazuh-Rules.git synced 2025-11-04 05:43:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update 109100-win_sysmon_new_events.xml

Browse Source
This commit is contained in:
taylor_socfortress
2024-08-22 10:03:56 -05:00
committed by GitHub
parent 85e62f698b
commit 63cb5480bb
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
Sysmon New Events/109100-win_sysmon_new_events.xml
View File

@@ -15,10 +15,13 @@
<group>sysmon_event_18,</group> <group>sysmon_event_18,</group>
</rule> </rule>
<rule id="61644" level="1" overwrite="yes"> <rule id="61644" level="3" overwrite="yes">
<if_sid>61600</if_sid> <if_sid>61600</if_sid>
<field name="win.system.eventID">^22$</field> <field name="win.system.eventID">^22$</field>
<description>Sysmon - Event 22: DNS Request by $(win.eventdata.image)</description> <description>Sysmon - Event 22: DNS Request by $(win.eventdata.image)</description>
<mitre>
<id>T1071</id>
</mitre>
<options>no_full_log</options> <options>no_full_log</options>
<group>sysmon_event_22,</group> <group>sysmon_event_22,</group>
</rule> </rule>