sysmon-config

Added detection for CVE-2017-0199 and CVE-2017-8759.

Open d4rk-d4nph3 opened this issue 4 years ago • 2 comments

Added Event ID 3 logging for CVE-2017-0199 and CVE-2017-8759. These two CVEs fall in the Top 10 Routinely Exploited Vulnerabilities 2016-2019 report released by the US Department of Homeland Security.

d4rk-d4nph3, May 21 '20 14:05

@jokezone I fully agree on this. The person configuring must be well aware of this issue, as it is a double-edged sword, being equally important for detection and being noisy as well if not handled well.

d4rk-d4nph3, May 22 '20 09:05

This is under testing

SwiftOnSecurity, Feb 16 '21 22:02