Commit
Merge pull request #2 from frack113/update_readme
Small Update
thomaspatzke authored Apr 2, 2022
2 parents c9c5b9b + f7f7d15 commit 69b349a
Showing 2 changed files with 24 additions and 3 deletions.
23 changes: 22 additions & 1 deletion README.md
Expand Up @@ -11,7 +11,28 @@ Currently the pipeline adds support for the following event types (Sigma logsour
* process_creation: 1
* file_change: 2
* network_connection: 3
* process_termination: 5
* sysmon_status: 4,16
* driver_load: 6
* image_load: 7
* create_remote_thread: 8
* raw_access_thread: 9
* process_access: 10
* file_event: 11
* registry_add: 12
* registry_delete: 12
* registry_set: 13
* registry_rename: 14
* registry_event: 12,13,14
* create_stream_hash: 15
* pipe_created: 17,18
* wmi_event: 19,20,21
* dns_query: 22
* file_delete: 23,26
* clipboard_capture: 24
* process_tampering: 25
* sysmon_error: 255

This backend is currently maintained by:

* [Thomas Patzke](https://github.com/thomaspatzke/)
* [Thomas Patzke](https://github.com/thomaspatzke/)
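Review bot: In the event type list, `registry_add: 12` and `registry_delete: 12` map to the same Sysmon event ID, and `registry_event: 12,13,14` overlaps both; since Sysmon event 12 covers both registry object create and delete, the README should state that a rule written for `registry_delete` will also match key creation unless it adds a further condition, otherwise users will assume the two categories are distinguishable. A small ordering point: `process_termination: 5` is listed before `sysmon_status: 4,16`, so moving it one line down keeps the list in event ID order. Finally, the last two lines of the hunk remove and re-add an identical maintainer entry, which looks like a trailing-newline or whitespace-only change; worth confirming that no new maintainer entry was intended there.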
4 changes: 2 additions & 2 deletions sigma/pipelines/sysmon/sysmon.py
Expand Up @@ -51,7 +51,7 @@ def sysmon_pipeline():
]
),
ProcessingItem(
identifier="sysmon_process_creation_logsource",
identifier="sysmon_{log_source}_logsource",
transformation=ChangeLogsourceTransformation(
product="windows",
service="sysmon",
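Review bot: The new `identifier="sysmon_{log_source}_logsource"` only yields a distinct identifier per log source if the string is actually formatted; as shown, with no visible `f` prefix or `.format(...)` call, every generated `ProcessingItem` would carry the literal identifier `sysmon_{log_source}_logsource`, and the old value `sysmon_process_creation_logsource` would simply become a constant placeholder. Please confirm the line reads `identifier=f"sysmon_{log_source}_logsource"` (or equivalent), and since the commit message "Small Update" does not mention this code change, a one-line note that processing item identifiers are now per log source would help anyone reading the history.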
Expand All @@ -66,4 +66,4 @@ def sysmon_pipeline():
)
)
]
)
)
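Review bot: The only visible difference in this hunk is the repeated closing `)` at the end of the file, so the 2 additions / 2 deletions appear to be a trailing-newline or indentation fix rather than a logic change; stating that in the commit message would avoid readers looking for a functional difference here.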

0 comments on commit 69b349a
