trinitor/DetectionLab
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Filter AutorunsToWinEventlog invocation more widely

Browse Source
This commit is contained in:
Chris Long
2020-08-13 14:14:36 -07:00
committed by GitHub
parent 769dabf8a6
commit 5b712a8f86
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Vagrant/resources/splunk_server/transforms.conf
View File

@@ -20,7 +20,7 @@ DEST_KEY = queue
FORMAT = nullQueue FORMAT = nullQueue
[autoruns_wineventlog_null] [autoruns_wineventlog_null]
REGEX = "Script\sName\s=\sC\:\\Program Files\\AutorunsToWinEventLog\\AutorunsToWinEventLog.ps1" REGEX = "C:\\Program Files\\AutorunsToWinEventLog\\AutorunsToWinEventLog.ps1"
DEST_KEY = queue DEST_KEY = queue
FORMAT = nullQueue FORMAT = nullQueue