jischell-msft
commented
11 months ago @mgreen27 , I like the idea of searching against disk/ file/ registry indicators, this would need a new template for both file and registry artifacts
Open mgreen27 opened 11 months ago
jischell-msft
commented
11 months ago @mgreen27 , I like the idea of searching against disk/ file/ registry indicators, this would need a new template for both file and registry artifacts
This is an great project. I was wondering if you would also consider adding disk indicators in the future?
Here is an example of an MFT search Im using currently https://github.com/mgreen27/DetectRaptor/blob/master/vql/MFT.yaml#L58-L92
or Application search looking at install key https://github.com/mgreen27/DetectRaptor/blob/master/vql/Applications.yaml#L41-L90