Mirrors/keyboardcrunch-sentinelone-queries
1
0
Fork 0
mirror of https://github.com/keyboardcrunch/sentinelone-queries synced 2026-06-11 02:11:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

Removed LSASSMemoryAccessed due to HIGH FP

Browse Source
This commit is contained in:
keyboardcrunch
2021-03-17 20:09:19 -05:00
parent 2f71277652
commit 166e451cf6
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
queries/windows/os_credential_dumping.yml
+1 -1
View File
@@ -8,7 +8,7 @@ mitre:
technique: T1003 technique: T1003
subtechnique: null subtechnique: null
operating_system: linux operating_system: linux
query: RegistryKeyPath ContainsCIS "\Services\NPPSpy" OR IndicatorName In ( "Mimikatz", "CredsReadFromLsass", "LSASSMemoryAccessed", "DumpSAM", "PasswordSniffingViaNetworkProvider" ) query: RegistryKeyPath ContainsCIS "\Services\NPPSpy" OR IndicatorName In ( "Mimikatz", "CredsReadFromLsass", "DumpSAM", "PasswordSniffingViaNetworkProvider" )
false_positives: null false_positives: null
tags: null tags: null
references: references: