sysmon-config
Added detection for CVE-2017-0199 and CVE-2017-8759.
Added Event ID 3 logging for CVE-2017-0199 and CVE-2017-8759. These two CVEs fall in the Top 10 Routinely Exploited Vulnerabilities 2016-2019 report released by the US Department of Homeland Security.
@jokezone I fully agree on this. The person configuring must be well aware of this issue, as it is a double-edged sword, being equally important for detection and being noisy as well if not handled well.
This is under testing