dsnslab / NetworkSecurity


Is it correct that there are no repetitive attacks in the cases? #26

Closed zodf0055980 closed 3 years ago

zodf0055980 commented 4 years ago

Hello, I find that Attack_1,3,5 have a CVE-2020-0796-RCE-POC AccessList in winlogbeat. Does it mean one of Attack_1,3,5 has a Malicious Attachment? If there are no repetitive attacks, why does winlogbeat have its accessList log?

SnowWhite1129 commented 4 years ago

In each case, there's exactly one attack.

zodf0055980 commented 3 years ago

So is the CVE-2020-0796-RCE-POC AccessList in winlogbeat used to confuse? Or is it a typographical error?

jehoshuapratama commented 3 years ago

It might appear in other logs too, I believe. Just see which one is unique among those three and you will find the right class. If CVE-2020-0796-RCE-POC is not unique, then simply ignore it, in my opinion.