c8b00925-926c-47e3-beea-298fd563728e Possible incorrect field/value pairing #4572
Assignees
Labels
Bug
Indicates a bug with one of the tools and features provided by the project
Comments
|
Welcome @Blackmore-Robert 👋 It looks like this is your first issue on the Sigma rules repository! The following repository accepts issues related to If you're reporting an issue related to the pySigma library please consider submitting it here If you're reporting an issue related to the deprecated sigmac library please consider submitting it here Thanks for taking the time to open this issue, and welcome to the Sigma community! 😃 |
|
Hey @Blackmore-Robert thanks for opening this issue. I agree with you this seems to be a typo/mistake in the rule. I'll get it fixed asap :) Cheers. |
nasbench
added
the
Bug
nasbench
added a commit
to nasbench/sigma
that referenced
this issue
Nov 15, 2023
Merged
Merged
nasbench
added a commit
to nasbench/sigma
that referenced
this issue
Dec 4, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
title: Remote Access Tool Services Have Been Installed - Security
id: c8b00925-926c-47e3-beea-298fd563728e
This is the first time I'm posting here and am hopefully adhering to the guidelines.
This rule uses 'ServiceFileName' in the selection; however, based on my research into this Windows event and log, I think it should be 'ServiceName' instead. We could certainly use the 'ServiceFileName' field if we want to use the executable path instead. Please let me know if I've made an error, thanks!
The text was updated successfully, but these errors were encountered: