Update proc_creation_win_apt_forest_blizzard_activity.yml

SigmaHQ / sigma

Main Sigma Rule Repository

Other

7.84k stars 2.12k forks source link

Update proc_creation_win_apt_forest_blizzard_activity.yml #4857

Closed nischalkhadgi62 closed 1 month ago

nischalkhadgi62 commented 1 month ago

Summary of the Pull Request

Changelog

Example Log Event

Fixed Issues

SigmaHQ Rule Creation Conventions

If your PR adds new rules, please consider following and applying these conventions

nischalkhadgi62 commented 1 month ago

@nasbench , I think it might be good idea to include registry events as well when hunting for Forest Blizzard's processes and command-line activities.

nasbench commented 1 month ago

Your addition is already covered by other rules in the repo. https://github.com/SigmaHQ/sigma/blob/f334abfd29d37f9a73b219219fa3f92ac14253d7/rules/windows/process_creation/proc_creation_win_reg_dumping_sensitive_hives.yml

Closing this as duplicate