paulmataruso/main
1
0
Fork 0
mirror of https://github.com/socfortress/Wazuh-Rules.git synced 2025-11-02 21:03:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update and rename 91550-win_autoruns_rules.xml to 100050-win_autoruns_rules.xml

Browse Source
This commit is contained in:
taylor_socfortress
2023-03-07 07:58:47 -06:00
committed by GitHub
parent becee4e47b
commit e65777a605
1 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
Windows Autoruns/91550-win_autoruns_rules.xml → Windows Autoruns/100050-win_autoruns_rules.xml
View File

@@ -1,5 +1,5 @@
<group name="windows,"> <group name="windows,">
<rule id="91550" level="10"> <rule id="100050" level="10">
<decoded_as>json</decoded_as> <decoded_as>json</decoded_as>
<field name="Entry">\.+</field> <field name="Entry">\.+</field>
<field name="EntryLocation">\.+</field> <field name="EntryLocation">\.+</field>
@@ -10,8 +10,8 @@
<options>no_full_log</options> <options>no_full_log</options>
<group>windows_autoruns,</group> <group>windows_autoruns,</group>
</rule> </rule>
<rule id="91551" level="10"> <rule id="100051" level="10">
<if_sid>91550</if_sid> <if_sid>100050</if_sid>
<field name="VTdetection">Unknown</field> <field name="VTdetection">Unknown</field>
<description>Windows Autoruns - VirusTotal Unknown Signature</description> <description>Windows Autoruns - VirusTotal Unknown Signature</description>
<mitre> <mitre>
@@ -20,8 +20,8 @@
<options>no_full_log</options> <options>no_full_log</options>
<group>windows_autoruns,</group> <group>windows_autoruns,</group>
</rule> </rule>
<rule id="91552" level="12"> <rule id="100052" level="12">
<if_sid>91550</if_sid> <if_sid>100050</if_sid>
<field name="VTdetection">^\d\d\|</field> <field name="VTdetection">^\d\d\|</field>
<description>Windows Autoruns - VirusTotal Hit Above 10 Matches</description> <description>Windows Autoruns - VirusTotal Hit Above 10 Matches</description>
<mitre> <mitre>