FIX: Sigmac Field Mappings

Open defensivedepth opened this issue 2 years ago • 2 comments

    product: windows
    category: raw_access_thread

    product: windows
    category: create_stream_hash

    product: windows
    category: create_remote_thread

CF: https://github.com/Security-Onion-Solutions/securityonion/discussions/8105

defensivedepth • Jun 14 '22 11:06

    product: windows
    category: wmi_event

From Play 492 "WMI Event Subscription" (id: 0f06a3a5-6a09-413f-8743-e6cf35561297)

batref • Jun 20 '22 19:06

    product: windows
    category: file_block (Sysmon EventID 27)

"Sysmon Blocked Executable" (id: 23b71bc5-953e-4971-be4c-c896cda73fc2)

batref • Aug 23 '22 07:08