paulmataruso/main
1
0
Fork 0
mirror of https://github.com/socfortress/Wazuh-Rules.git synced 2025-10-23 08:12:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

Create 121201-MITRE_TECHNIQUES_FROM_SYSMON_EVENT6.xml

Browse Source
This commit is contained in:
taylor_socfortress
2024-08-20 15:46:49 -05:00
committed by GitHub
parent 711e042885
commit 85e62f698b
1 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
Windows_Sysmon/121201-MITRE_TECHNIQUES_FROM_SYSMON_EVENT6.xml Normal file
View File

@@ -0,0 +1,8 @@
<group name="windows,sysmon,">
<rule id="121201" level="3">
<if_sid>61608</if_sid>
<description>Driver loaded: $(win.eventdata.imageLoaded)</description>
<options>no_full_log</options>
<group>sysmon_event_6,</group>
</rule>
</group>