OTRF / ThreatHunter-Playbook

A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.
MIT License

Typos in atomic Sysmon configs result in a failure to parse #6

Closed mattifestation closed 6 years ago

mattifestation commented 6 years ago

There are many ProcessCreate closing tags that have a "]" in them - e.g. T0000_bitsadmin.xml

Cyb3rWard0g commented 6 years ago

Fixed with Commit: https://github.com/Cyb3rWard0g/ThreatHunter-Playbook/commit/0f132722b58a601afe90d148b75e1613ef5a3085
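A check for the failure reported in this thread, added here as an example and not code from the ThreatHunter-Playbook project: it parses a Sysmon config, reports where the XML stops being well-formed, and then sanity-checks the filter structure. The sample configs, the `</ProcessCreate]>` form of the typo and the function name `lint_sysmon_config` are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample config, not a file from the repository.
GOOD = """<Sysmon schemaversion="4.00">
  <EventFiltering>
    <ProcessCreate onmatch="include">
      <Image condition="end with">bitsadmin.exe</Image>
    </ProcessCreate>
  </EventFiltering>
</Sysmon>"""
# Assumed form of the reported typo: a stray "]" inside the closing tag.
BROKEN = GOOD.replace("</ProcessCreate>", "</ProcessCreate]>")


def lint_sysmon_config(text):
    """Return a list of problem strings; an empty list means the config passed."""
    try:
        root = ET.fromstring(text)
    except ET.ParseError as err:
        # The error text includes the line and column where parsing stopped.
        return [f"not well-formed XML: {err}"]
    problems = []
    if root.tag != "Sysmon":
        problems.append(f"root element is <{root.tag}>, expected <Sysmon>")
    elif "schemaversion" not in root.attrib:
        problems.append("<Sysmon> has no schemaversion attribute")
    filtering = root.find("EventFiltering")
    if filtering is None:
        # Assumption: a detection-rule config is expected to carry filters.
        problems.append("no <EventFiltering> element (expected in a filter-rule config)")
        return problems
    # Any filter element that carries onmatch must use include or exclude.
    for rule in filtering.iter():
        onmatch = rule.get("onmatch")
        if onmatch is not None and onmatch.lower() not in ("include", "exclude"):
            problems.append(f"<{rule.tag}> has onmatch={onmatch!r}")
    return problems


if __name__ == "__main__":
    for name, text in (("good", GOOD), ("broken", BROKEN)):
        print(name, lint_sysmon_config(text) or "OK")
```

Running a check like this over every config file before a commit catches a config that would fail to parse before it reaches anyone trying to load it.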