syntax for "process_command_line" with "sc" wrong in savedsearches.conf

olafhartong / ThreatHunting

A Splunk app mapped to MITRE ATT&CK to guide your threat hunts

MIT License

1.13k stars 177 forks source link

Closed bmk666 closed 5 years ago

bmk666 commented 5 years ago

There is a "*" missing in front of "sc":

process_command_line="sc*create*binpath*"

process_command_line="*sc*create*binpath"

BR, BMK

bmk666 commented 5 years ago

I made a pull request for this

olafhartong commented 5 years ago

PR merged