paulmataruso/main
1
0
Fork 0
mirror of https://github.com/socfortress/Wazuh-Rules.git synced 2025-11-03 21:33:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update README.md

Browse Source
This commit is contained in:
taylor_socfortress
2023-01-14 05:37:00 -06:00
committed by GitHub
parent 446e62ff62
commit 69ecb60995
1 changed files with 13 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
Windows Chainsaw/README.md
View File

@@ -294,6 +294,19 @@ Chainsaw can also be regularly executed, triggered by a wodle command config on
```
Based on Chainsaw categories mentioned earlier, we can now build Wazuhs detection rules.
The below would invoke Chainsaw to run once every 24 hours:
```
<wodle name="command">
<disabled>no</disabled>
<tag>windows_inventory</tag>
<command>Powershell.exe -executionpolicy bypass -File "C:\Program Files\socfortress\chainsaw.ps1"</command>
<interval>24h</interval>
<ignore_output>yes</ignore_output>
<run_on_start>yes</run_on_start>
<timeout>0</timeout>
</wodle>
```
<!-- CONTACT -->
## Need Help?