SwiftOnSecurity / sysmon-config

Sysmon configuration file template with default high-quality event tracing

Added detection for CVE-2017-0199 and CVE-2017-8759. #118

Open d4rk-d4nph3 opened 4 years ago

d4rk-d4nph3 commented 4 years ago

Added Event ID 3 logging for CVE-2017-0199 and CVE-2017-8759. These two CVEs fall in the Top 10 Routinely Exploited Vulnerabilities 2016-2019 report released by the US Department of Homeland Security.

d4rk-d4nph3 commented 4 years ago

@jokezone I fully agree on this. The person configuring must be well aware of this issue, as it is a double-edged sword: equally important for detection and noisy as well if not handled well.
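As an added illustration of the kind of Event ID 3 rule the two comments above refer to (this is not the PR's diff and not the project's own rules), the fragment below scopes NetworkConnect logging to the document-handling processes through which both CVEs are delivered, and shows where an exclusion would go to keep the noise down. The image names, the port set and the exclusion hostname are assumptions chosen for the example.

```xml
<Sysmon schemaversion="4.22">
  <EventFiltering>
    <!-- Event ID 3: NetworkConnect. Both CVE-2017-0199 and CVE-2017-8759
         are delivered through Office/RTF documents whose host process then
         reaches out for a remote payload, so logging outbound connections
         from those hosts is the detection point. Scoping to these images
         (assumed list) rather than logging every connection keeps volume
         manageable; every process is NOT logged here. -->
    <RuleGroup name="" groupRelation="or">
      <NetworkConnect onmatch="include">
        <Image condition="end with">winword.exe</Image>
        <Image condition="end with">excel.exe</Image>
        <Image condition="end with">powerpnt.exe</Image>
        <Image condition="end with">outlook.exe</Image>
        <!-- CVE-2017-0199 also affected WordPad as an RTF handler -->
        <Image condition="end with">wordpad.exe</Image>
        <!-- Any process reaching the ports these payloads are fetched over
             (assumed set) is worth a second look when the image is unusual -->
        <DestinationPort condition="is">80</DestinationPort>
        <DestinationPort condition="is">443</DestinationPort>
        <DestinationPort condition="is">8080</DestinationPort>
      </NetworkConnect>
    </RuleGroup>

    <!-- Exclusions win over includes in Sysmon, so this is where the
         "double-edged sword" is handled: trim known-good destinations
         (placeholder hostname below) instead of turning the rule off. -->
    <RuleGroup name="" groupRelation="or">
      <NetworkConnect onmatch="exclude">
        <DestinationHostname condition="end with">updates.example.corp</DestinationHostname>
        <!-- Loopback traffic from Office add-ins is common and rarely useful -->
        <DestinationIp condition="is">127.0.0.1</DestinationIp>
      </NetworkConnect>
    </RuleGroup>
  </EventFiltering>
</Sysmon>
```

Load it with `sysmon -c <file>` on a test host first and compare event volume before and after, since the port-based include will fire for every process in the environment, not just the Office ones.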

SwiftOnSecurity commented 3 years ago

This is under testing