Skip to content

[Rule Tuning] Modification of AmsiEnable Registry Key - Sysmon#1760

Merged
w0rk3r merged 2 commits intomainfrom
amsienable_sysmon
Feb 11, 2022
Merged

[Rule Tuning] Modification of AmsiEnable Registry Key - Sysmon#1760
w0rk3r merged 2 commits intomainfrom
amsienable_sysmon

Conversation

@w0rk3r
Copy link
Copy Markdown
Contributor

@w0rk3r w0rk3r commented Feb 7, 2022

Summary

Add support to Sysmon registry events

@w0rk3r w0rk3r added Rule: Tuning tweaking or tuning an existing rule OS: Windows windows related rules Domain: Endpoint labels Feb 7, 2022
@w0rk3r w0rk3r self-assigned this Feb 7, 2022
@w0rk3r w0rk3r mentioned this pull request Feb 9, 2022
Closed
DefSecSentinel
DefSecSentinel approved these changes Feb 11, 2022
View reviewed changes
Copy link
Copy Markdown
Contributor

@DefSecSentinel DefSecSentinel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

brokensound77
brokensound77 approved these changes Feb 11, 2022
View reviewed changes
Copy link
Copy Markdown
Contributor

@brokensound77 brokensound77 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM - did you review other existing registry rules for similar compatibilities

@w0rk3r
Copy link
Copy Markdown
Contributor Author

w0rk3r commented Feb 11, 2022

@brokensound77 not yet, but it is already planned, and I expect it to be a lot of rules

Here is the issue: #1766

@w0rk3r w0rk3r merged commit 9c56b00 into main Feb 11, 2022
@w0rk3r w0rk3r deleted the amsienable_sysmon branch February 11, 2022 20:49
protectionsmachine pushed a commit that referenced this pull request Feb 11, 2022
@w0rk3r @github-actions
Modification of AmsiEnable Registry Key - Sysmon support (#1760)
a9f2278 
(cherry picked from commit 9c56b00)
protectionsmachine pushed a commit that referenced this pull request Feb 11, 2022
@w0rk3r @github-actions
Modification of AmsiEnable Registry Key - Sysmon support (#1760)
d6ed47f 
(cherry picked from commit 9c56b00)
protectionsmachine pushed a commit that referenced this pull request Feb 11, 2022
@w0rk3r @github-actions
Modification of AmsiEnable Registry Key - Sysmon support (#1760)
68b73e9 
(cherry picked from commit 9c56b00)
protectionsmachine pushed a commit that referenced this pull request Feb 11, 2022
@w0rk3r @github-actions
Modification of AmsiEnable Registry Key - Sysmon support (#1760)
817400d 
(cherry picked from commit 9c56b00)
protectionsmachine pushed a commit that referenced this pull request Feb 11, 2022
@w0rk3r @github-actions
Modification of AmsiEnable Registry Key - Sysmon support (#1760)
c594297 
(cherry picked from commit 9c56b00)
protectionsmachine pushed a commit that referenced this pull request Feb 11, 2022
@w0rk3r @github-actions
Modification of AmsiEnable Registry Key - Sysmon support (#1760)
cd40076 
(cherry picked from commit 9c56b00)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@DefSecSentinel DefSecSentinel DefSecSentinel approved these changes

@Samirbous Samirbous Samirbous approved these changes

+1 more reviewer

@brokensound77 brokensound77 brokensound77 approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@w0rk3r w0rk3r

Labels

backport: auto Domain: Endpoint OS: Windows windows related rules Rule: Tuning tweaking or tuning an existing rule

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@w0rk3r @brokensound77 @DefSecSentinel @Samirbous