frack113
Need to be checked before close

| Page | Sigma Rule ID / Link | Topic |
|:---:|:---:|---|
| [61](https://image.slidesharecdn.com/kheirkhabarovoffzonefinal-181117201458/95/hunting-for-privilege-escalation-in-windows-environment-61-638.jpg) | Not possible | Token swapping, using Mimikatz driver |
...
As it is an overlapping rule in the detection, we can close it.
Sigma is case insensitive for the data; it is an Elastic keyword vs. text field trouble.
Issue rewritten as too old.
Summary rules to do

| task | PR |
|---|---|
| 1 | X |
| 2 | X |
| 3 | X |
| 4 | X |
| 5 | X |
| 6 | X |
| 7 | X |
| 8 | X |
...
Most actions are detected even if you get no alert on the encoding. Need a complex regex to catch them all.
No reply
Before making the change, we must have a discussion in https://github.com/SigmaHQ/sigma-specification for the V2. You can open one: `V2 proposal new RegistryPath, RegistryValue and RegistryData fields`. Thanks