Update screenconnect.yml
nterl0k authored Feb 28, 2024
1 parent d5de71d commit 5149975
Showing 1 changed file with 3 additions and 0 deletions.
Expand Up @@ -6,11 +6,14 @@ environment: attack_range
dataset:
- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1219/screenconnect/screenconnect_sysmon.log
- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1219/screenconnect/screenconnect_palo.log
- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1219/screenconnect/screenconnect_palo_traffic.log
sourcetypes:
- XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
- pan:threat
- pan:traffic
references:
- https://attack.mitre.org/techniques/T1219/
- https://thedfirreport.com/2022/08/08/bumblebee-roasts-its-way-to-domain-admin/
- https://thedfirreport.com/2022/11/28/emotet-strikes-again-lnk-file-leads-to-domain-wide-ransomware/
- https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8
- https://applipedia.paloaltonetworks.com/
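Review bot: the last entry under `references:`, `https://applipedia.paloaltonetworks.com/`, is the Applipedia landing page rather than a link to a specific application entry, so it does not tell a reader which App-ID the `pan:traffic` data is expected to show. Consider replacing it with a reference that names the application, or stating the App-ID in the file. Separately, `dataset:` and `sourcetypes:` are parallel lists with no explicit pairing; the commit message "Update screenconnect.yml" does not say that `screenconnect_palo_traffic.log` is the file meant to be ingested as `pan:traffic` (and `screenconnect_palo.log` as `pan:threat`), so it would help to state that mapping in the commit message or the file.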
