Docs Request: Logsource #50

defensivedepth · 2023-01-06T16:31:13Z

defensivedepth
Jan 6, 2023

I would suggest documenting the logsource for this rule: https://github.com/SigmaHQ/sigma-specification/blob/main/Taxonomy_specification.md#windows-folder

builtin/Mimikatz

REF: SigmaHQ/sigma#3871 (comment)

nasbench · 2023-01-19T00:20:11Z

nasbench
Jan 19, 2023
Maintainer

Should be resolved in #55

I added a small description when using only the product as a log source that indicates all logs of a specific OS

0 replies

defensivedepth · 2023-01-19T17:11:37Z

defensivedepth
Jan 19, 2023
Author

Thanks @nasbench

For clarity, is the intent that All Windows Logs means all of the logsources defined under the Windows section there?

1 reply

nasbench Jan 19, 2023
Maintainer

It's supposed to mean all windows logs that the person collects in their env in theory. Since the service/category specifies a set of channels or EIDs.

If you could think of better wording/description for it. I would add it.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Docs Request: Logsource #50

{{title}}

Replies: 2 comments 1 reply

{{title}}

{{title}}

{{title}}

{{editor}}'s edit

{{editor}}'s edit

Select a reply

Docs Request: Logsource #50

defensivedepth Jan 6, 2023

Replies: 2 comments · 1 reply

nasbench Jan 19, 2023 Maintainer

defensivedepth Jan 19, 2023 Author

nasbench Jan 19, 2023 Maintainer

defensivedepth
Jan 6, 2023

Replies: 2 comments 1 reply

nasbench
Jan 19, 2023
Maintainer

defensivedepth
Jan 19, 2023
Author

nasbench Jan 19, 2023
Maintainer