-
### Rule UUID
a7c3d773-caef-227e-a7e7-c2f13c622329
### Example EventLog
UtcTime: 2023-11-09 05:22:07.963
ProcessId: 14328
Image: C:\Windows\System32\rundll32.exe
FileVersion: 10.0.19041.3570 (Wi…
-
### Preflight Checklist
- [X] I have read the [Contributing Guidelines](https://github.com/electron/electron/blob/main/CONTRIBUTING.md) for this project.
- [X] I agree to follow the [Code of Conduct]…
-
### Rule UUID
ccb5742c-c248-4982-8c5c-5571b9275ad3
### Example EventLog
OriginalFileName: FINDSTR.EXE
CommandLine: findstr /i "defender"
LogonGuid: {8b59c806-0f5b-6532-93bb-1c0000000000}
LogonI…
-
## End-to-End (E2E) Testing Guideline
- **Documentation:** Always consult the development documentation for the current stage tag at [this link](https://documentation-dev.wazuh.com/v4.9.0-alpha3/in…
-
Events 1-27 already exist
```xml
28
5
Microsoft-Windows-Sysmon/Operational
Information
File Block Shredding (rule: FileBlockShredding)
]]>
29
5
Microsoft-Windows…
-
**Describe the bug**
Sysmon is terminated after some time with "stack smashing detected". It depends on the server but on 2 it gets terminated nearly instantly. On others it runs with luck some days.…
-
**What is the bug?**
Per Sigma guidelines, a field named CommandLine is required for the Windows category. However, in OpenSearch 2.6, this field is absent, which affects all rules reliant on comma…
-
Hey,
At the current stage you get an error when trying to convert to Splunk CIM due to missing field: OriginalFileName
like here with [sigmaio](https://sigmaio.app/):
![grafik](https://github.co…
-
**Describe the bug**
`process_creation` rules are automatically converted to `EventID: 4688 (Security)` and `EventID: 1 (Sysmon)` rules.
However, due to imperfect field conversion, rules are created…
-
Thanks for your very nice tool, which works very well on an EN language Windows.
Anyhow it could be helpful if it would support other languages as well.
I have looked up the code and in 'GodPotato…