The file 11_file_create\include_cve_2021_40444.xml appears to have a outside of the , I can't find other rules like this. Is this an error in the module?
Additionally, as shown below the file 10_process_access\include_hook_check.xml is missing a condition, but I am not certain if this is an error?
Discussed in #191
Originally posted by 3ch035 November 15, 2023
I am having trouble finding documentation on how rules lacking a condition work? Such as the ones in:
"sysmon-modular\10_process_access\include_hook_check.xml"
<GrantedAccess name="technique_id=T1055.012,technique_name=Process Hollowing">0x0800</GrantedAccess>
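
An added example, not part of the original post or of sysmon-modular: a small Python check that lists every Sysmon filter element written without a `condition` attribute and reports the condition Sysmon applies in that case, which is its documented default `is` (exact match). The sample configuration is constructed; only the `0x0800` GrantedAccess line comes from the post, and the function name `implicit_conditions` is hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the usual Sysmon config layout. Only the GrantedAccess
# line with 0x0800 is taken from the post; everything else is illustrative.
SAMPLE = """<Sysmon schemaversion="4.60">
  <EventFiltering>
    <RuleGroup name="" groupRelation="or">
      <ProcessAccess onmatch="include">
        <GrantedAccess name="technique_id=T1055.012,technique_name=Process Hollowing">0x0800</GrantedAccess>
        <Rule groupRelation="and">
          <TargetImage condition="end with">\\example.exe</TargetImage>
          <GrantedAccess>0x1F0FFF</GrantedAccess>
        </Rule>
      </ProcessAccess>
    </RuleGroup>
  </EventFiltering>
</Sysmon>"""

DEFAULT_CONDITION = "is"  # Sysmon's documented default when the attribute is omitted


def implicit_conditions(xml_text):
    """Return (event, onmatch, field, value, effective_condition) for every
    filter element that has no explicit condition attribute."""
    findings = []
    root = ET.fromstring(xml_text)
    for event in root.iter():
        onmatch = event.get("onmatch")
        if onmatch is None:  # only event-type elements carry onmatch
            continue
        for node in event.iter():
            # Skip the event element itself and <Rule> grouping wrappers
            if node is event or node.tag == "Rule":
                continue
            if "condition" not in node.attrib:
                findings.append((event.tag, onmatch, node.tag,
                                 (node.text or "").strip(), DEFAULT_CONDITION))
    return findings


if __name__ == "__main__":
    for event, onmatch, field, value, cond in implicit_conditions(SAMPLE):
        print(f"{event}[{onmatch}] {field}: no condition, evaluated as '{cond}' {value!r}")
```

Because the default is an exact match, a filter such as the `0x0800` one only fires when the event's GrantedAccess field equals that value, not when the value merely contains that access bit.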