Create 121201-MITRE_TECHNIQUES_FROM_SYSMON_EVENT6.xml

2025-10-23 00:02:11 +00:00 · 2024-08-20 15:46:49 -05:00
parent 711e042885
commit 85e62f698b
1 changed files with 8 additions and 0 deletions
--- a/Windows_Sysmon/121201-MITRE_TECHNIQUES_FROM_SYSMON_EVENT6.xml
+++ b/Windows_Sysmon/121201-MITRE_TECHNIQUES_FROM_SYSMON_EVENT6.xml
@@ -0,0 +1,8 @@
+<group name="windows,sysmon,">
+<rule id="121201" level="3">
+<if_sid>61608</if_sid>
+<description>Driver loaded: $(win.eventdata.imageLoaded)</description>
+<options>no_full_log</options>
+<group>sysmon_event_6,</group>
+</rule>
+</group>