Mirrors/keyboardcrunch-sentinelone-queries
1
0
Fork 0
mirror of https://github.com/keyboardcrunch/sentinelone-queries synced 2026-06-08 17:07:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

changed to arg detection vs file detection

Browse Source
This commit is contained in:
keyboardcrunch
2021-06-08 14:07:33 -05:00
committed by GitHub
parent 90651e37c2
commit e1fdca6dfa
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
queries/windows/cmstp_signed_binary_proxy_execution.yml
+1 -1
View File
@@ -8,7 +8,7 @@ mitre:
technique: T1218
subtechnique: 003
operating_system: windows
query: SrcProcName = "cmstp.exe" AND SrcProcCmdLine RegExp "^.*\.(inf)"
query: SrcProcName = "cmstp.exe" AND SrcProcCmdLine ContainsCIS "/ni /s"
false_positives:
tags: