Closed iosonogio closed 5 months ago
Many thanks for these resources! In the SIGMA rule possible_windows_dll_hijacking.yml this path should/could be filtered out: C:\Windows\SysWOW64\
That is:
    filter:
        EventID: 7
        ImageLoaded:
            - "C:\\Windows\\WinSxS\\*"
            - "C:\\Windows\\System32\\*"
            - "C:\\Windows\\SysWOW64\\*"
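
Added example, not part of the original issue or of the rule's repository: a small Python evaluation of the proposed `filter` block against constructed Sysmon EventID 7 records, comparing the filter with and without the `SysWOW64` entry. It assumes the trailing `*` is a wildcard and that matching is case-insensitive; the function names and sample events are hypothetical, and the rule's selection (not shown on this page) is not modelled.

```python
import re

# Filter paths from the issue, after YAML unescaping ("\\" becomes "\").
CURRENT_PATHS = [r"C:\Windows\WinSxS\*", r"C:\Windows\System32\*"]
PROPOSED_PATHS = CURRENT_PATHS + [r"C:\Windows\SysWOW64\*"]


def wildcard_to_regex(pattern):
    """Assumed semantics: '*' = any run of characters, '?' = one character,
    everything else literal, compared case-insensitively."""
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts), re.IGNORECASE | re.DOTALL)


def is_filtered(event, paths):
    """True when the event matches the filter block: EventID 7 AND
    ImageLoaded matching any one of the listed paths."""
    if event.get("EventID") != 7:
        return False
    image = event.get("ImageLoaded", "")
    return any(wildcard_to_regex(p).fullmatch(image) for p in paths)


def surviving(events, paths):
    """ImageLoaded values the filter does NOT suppress."""
    return [e["ImageLoaded"] for e in events if not is_filtered(e, paths)]


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"EventID": 7, "ImageLoaded": r"C:\Windows\System32\version.dll"},
    {"EventID": 7, "ImageLoaded": r"C:\Windows\SysWOW64\version.dll"},
    {"EventID": 7, "ImageLoaded": r"c:\windows\syswow64\dbghelp.dll"},
    {"EventID": 7, "ImageLoaded": r"C:\Windows\SysWOW64Backup\version.dll"},
    {"EventID": 7, "ImageLoaded": r"C:\Users\Public\app\version.dll"},
]

if __name__ == "__main__":
    print("current :", surviving(SAMPLE_EVENTS, CURRENT_PATHS))
    print("proposed:", surviving(SAMPLE_EVENTS, PROPOSED_PATHS))
```

The trailing backslash before `*` is what keeps a lookalike directory such as the constructed `SysWOW64Backup` from being suppressed along with the real one.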