
Update proc_creation_win_findstr_security_keyword_lookup.yml

Open MalGamy12 opened this issue 1 year ago • 1 comment

Summary of the Pull Request

Update Rule: Security Tools Keyword Lookup Via Findstr.EXE

Changelog

Update proc_creation_win_findstr_security_keyword_lookup.yml

Example Log Event

Add some security keywords to the list. https://www.joesandbox.com/analysis/1547706/0/html


Fixed Issues

SigmaHQ Rule Creation Conventions

  • If your PR adds new rules, please consider following and applying these conventions

MalGamy12, Nov 20 '24 13:11

Also requested by https://github.com/SigmaHQ/sigma/issues/5539

nasbench, Oct 19 '25 10:10