infosecn1nja
/
HELK
mirror of https://github.com/infosecn1nja/HELK.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Delete helk_sysmon_wevtutil.yml 

fix https://github.com/Cyb3rWard0g/HELK/issues/345
neu5ron-patch-1
Cyb3rWard0g 2019-10-02 21:31:17 -04:00
parent a4d3a39a28
commit eadc7aa810
1 changed files with 0 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
docker/helk-elastalert/rules/helk_sysmon_wevtutil.yml
View File

@ -1,13 +0,0 @@
alert:
- debug
description: Detects adversaries clearing logs via wevtutil
filter:
- query:
query_string:
query: (event_id:1 AND process_command_line:wevtutil AND process_command_line:cl)
index: logs-endpoint-winevent-sysmon-*
name: Windows-wevtutil-clear-logs_0
priority: 2
realert:
minutes: 0
type: any