Skip to content

Commit

Permalink
Convert to process_creation
Browse files Browse the repository at this point in the history 
Convert to process_creation
  • Loading branch information
@caliskanfurkan
caliskanfurkan authored Jun 4, 2020
1 parent 09afae1 commit bafd6bd
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions rules/windows/sysmon/sysmon_apt_muddywater_dnstunnel.yml
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
title: "Muddywater DNS tunnel method detection"
title: "Muddywater DNS tunnel detection"
description: "Detecting DNS tunnel activity from Muddywater"
author: Furkan Caliskan
status: "testing"
Expand All @@ -9,8 +9,8 @@ tags:
- attack.command_and_control
- attack.t1071
logsource:
product: "windows"
service: "sysmon"
category: process_creation
product: windows
detection:
selection:
EventID: 1
Expand Down

0 comments on commit bafd6bd

Please sign in to comment.