avitex
/
cyberstorm
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
cyberstorm/registry/observe/event/00000.md

1.5 KiB
Raw Blame History

+++ name = "Some event" description = "Some description"

WindowsEvent.sample xml = """ 4688 2 0 13312 0 0x8020000000000000 2814 Security WIN-GG82ULGC9GO.contoso.local S-1-5-18 WIN-GG82ULGC9GO$ CONTOSO 0x3e7 0x2bc C:\Windows\System32\rundll32.exe %%1938 0xe74 S-1-5-21-1377283216-344919071-3415362939-1104 dadmin CONTOSO 0x4a5af0 C:\Windows\explorer.exe S-1-16-8192 """ +++ Something about the event