paulmataruso/main
1
0
Fork 0
mirror of https://github.com/socfortress/Wazuh-Rules.git synced 2025-10-23 00:02:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update 113101-MITRE_TECHNIQUES_FROM_SYSMON_EVENT14.xml

Browse Source
This commit is contained in:
taylor_socfortress
2025-08-06 11:01:55 -05:00
committed by GitHub
parent a52a8a4c9c
commit b8b2c759f8
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Windows_Sysmon/113101-MITRE_TECHNIQUES_FROM_SYSMON_EVENT14.xml
View File

@@ -440,7 +440,7 @@
<group>sysmon_event_14,</group>
</rule>
<!-- Sysmon - Event 14: RegistryEvent (Key and Value Rename) by $(win.eventdata.image) -->
<rule id="113141" level="12">
<rule id="113141" level="10">
<if_sid>61616</if_sid>
<field name="win.eventdata.RuleName">^technique_id=T1113,technique_name=Recall Enabled via Registry Delete$</field>
<description>Sysmon - Event 14: RegistryEvent (Key and Value Rename) by $(win.eventdata.image)</description>