Mirrors/keyboardcrunch-sentinelone-queries
1
0
Fork 0
mirror of https://github.com/keyboardcrunch/sentinelone-queries synced 2026-06-11 02:11:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

Cleaned up signature descriptions and metadata.

Browse Source
This commit is contained in:
keyboardcrunch
2020-12-05 21:45:38 -06:00
parent 08e20670ee
commit 4d6ac236bc
59 changed files with 284 additions and 285 deletions
Download Patch File Download Diff File Expand all files Collapse all files
queries/windows/browser_extension_installation.yml
+6 -7
View File
@@ -1,17 +1,16 @@
title: Browser Extension Installation
description: This query takes a lazy approach to detecting the staging of xpi or crx
extension packages for installation within Chrome and Firefox based browsers. Unsure
how to filter our extension updates without excluding too much.
description: Lazy quyer for detecting the staging of xpi or crx
extension packages for installation within Chrome and Firefox based browsers.
author: keyboardcrunch
date: 10/10/2020
modified: null
modified: 05/12/2020
mitre:
tactic: Persistence
technique: T1176
subtechnique: null
subtechnique:
operating_system: windows
query: ( FileFullName RegExp "\bWebstore Downloads\b.*\.(crx)$" OR FileFullName RegExp
"\bstaged\b.*\.(xpi)$" ) AND EventType = "File Creation"
false_positives: null
tags: null
false_positives:
tags: