wazuh-ruleset icon indicating copy to clipboard operation
wazuh-ruleset copied to clipboard

Published 20 hours ago verified publisher icon wazuh

Added MS Powershell rules

Open Bob-Andrews opened this issue 6 years ago • 2 comments

Added rules for starting/stopping powershell, command execution, catching background activity and possibly dangerous commands

Bob-Andrews avatar Jan 18 '19 11:01 Bob-Andrews

Hello @Bob-Andrews,

Sorry for the late reply.

Our team is going to review your contribution and see if it is possible to add it to Wazuh-ruleset. Thank you for participating in our project


Best regards,

Juan Pablo Sáez

Zenidd avatar May 24 '19 08:05 Zenidd

Hi @Bob-Andrews I tried to copy this rule in my setup as I was looking for same use cases but it is showing duplicate entries.

ossec-analysisd: ERROR: Duplicate rule ID:88201

Jackson-Pollock avatar Apr 02 '21 10:04 Jackson-Pollock