fixed #40
netevert committed Jun 21, 2020
1 parent e020e8b commit a651ae9
Showing 2 changed files with 3 additions and 1 deletion.
2 changes: 2 additions & 0 deletions README.md
@@ -5,7 +5,9 @@
[![Maintenance](https://img.shields.io/maintenance/yes/2020.svg?style=flat-square)]()
[![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg?style=flat-square)](http://makeapullrequest.com)
[![](https://img.shields.io/badge/2019-DEF%20CON%2027-blueviolet?style=flat-square)](https://cloud-village.org/#talks?olafedoardo)
<!--
[![](https://img.shields.io/badge/Azure%20Sentinel%20workbooks%20gallery-grey?style=flat-square&logo=microsoft-azure)](https://github.com/Azure/Azure-Sentinel/blob/master/Workbooks/SysmonThreatHunting.json)
-->

Sentinel ATT&CK aims to simplify the rapid deployment of a threat hunting capability that leverages Sysmon and [MITRE ATT&CK](https://attack.mitre.org/) on Azure Sentinel.
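Review bot: the `<!-- ... -->` wrapper around the Azure Sentinel workbooks gallery badge hides it from the rendered README but records no reason, so the next maintainer cannot tell whether the `SysmonThreatHunting.json` link is broken, pending upstream, or retired; either state why it is disabled inside the comment or drop the line outright. In the surrounding context, the Maintenance badge on the `yes/2020` line points at an empty `()` link target and hard-codes the year, so it will read as stale as soon as the calendar turns.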

2 changes: 1 addition & 1 deletion parser/Sysmon-OSSEM.txt
@@ -147,7 +147,7 @@ process_id = EventDetail.[4].["#text"],process_path = EventDetail.[5].["#text"],
;
processEvents;
};
let SysmonEvent13__RegistrySetValue=() {
let SysmonEvent13_RegistrySetValue=() {
let processEvents = EventData
| where EventID == 13
| extend rule_name = EventDetail.[0].["#text"], EventType = EventDetail.[1].["#text"], event_creation_time = EventDetail.[2].["#text"], process_guid = EventDetail.[3].["#text"],
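Review bot: the rename from `SysmonEvent13__RegistrySetValue` (double underscore) to `SysmonEvent13_RegistrySetValue` touches only the `let` definition in this hunk; any later invocation or `union` in Sysmon-OSSEM.txt that still uses the double-underscore name will no longer resolve once the parser is loaded into Sentinel, so search the file for the old spelling and update every reference in the same commit. The commit message `fixed #40` would also be easier to audit later if it named the function being corrected.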

0 comments on commit a651ae9
