Skip to content

Commit

Permalink
Merge pull request #843 from splunk/ssa_services_lolbas
Browse files Browse the repository at this point in the history
adding dataset for SSA_XML
  • Loading branch information
patel-bhavin authored Oct 2, 2023
2 parents 2a9ede8 + 951fd74 commit 6fecda6
Show file tree
Hide file tree
Showing 2 changed files with 15 additions and 0 deletions.
Git LFS file not shown
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
author: Bhavin Patel
id: cc9b2651-efc9-11eb-926b-550bf0143fbb
date: '2023-10-02'
description: 'Attack data for services.exe spawning msiexec'
environment: attack_range
dataset:
- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1543.003/services_lolbas_execution/4688_xml_windows_security.log
sourcetypes:
- XmlWinEventLog
references:
- https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.003/T1543.003.md
- https://atomicredteam.io/privilege-escalation/T1543.003/

0 comments on commit 6fecda6

Please sign in to comment.