paulmataruso/main
1
0
Fork 0
mirror of https://github.com/socfortress/Wazuh-Rules.git synced 2025-11-04 05:43:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update and rename 91550-win_autoruns_rules.xml to 100050-win_autoruns_rules.xml

Browse Source
This commit is contained in:
taylor_socfortress
2023-03-07 07:58:47 -06:00
committed by GitHub
parent becee4e47b
commit e65777a605
1 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
Windows Autoruns/91550-win_autoruns_rules.xml → Windows Autoruns/100050-win_autoruns_rules.xml
View File

@@ -1,5 +1,5 @@
<group name="windows,">
<rule id="91550" level="10">
<rule id="100050" level="10">
<decoded_as>json</decoded_as>
<field name="Entry">\.+</field>
<field name="EntryLocation">\.+</field>
@@ -10,8 +10,8 @@
<options>no_full_log</options>
<group>windows_autoruns,</group>
</rule>
<rule id="91551" level="10">
<if_sid>91550</if_sid>
<rule id="100051" level="10">
<if_sid>100050</if_sid>
<field name="VTdetection">Unknown</field>
<description>Windows Autoruns - VirusTotal Unknown Signature</description>
<mitre>
@@ -20,8 +20,8 @@
<options>no_full_log</options>
<group>windows_autoruns,</group>
</rule>
<rule id="91552" level="12">
<if_sid>91550</if_sid>
<rule id="100052" level="12">
<if_sid>100050</if_sid>
<field name="VTdetection">^\d\d\|</field>
<description>Windows Autoruns - VirusTotal Hit Above 10 Matches</description>
<mitre>