body: index=* ((((process="*comsvcs*") AND (process="*MiniDump*")) OR ((process="*comsvcs*") AND (process="*#24*"))) OR ((process="*comsvcs*") AND (process="*full*")))
86
85
logsource:
87
86
product: Windows # Sigma or OCSF products
88
87
log_name: Security # OCSF log names
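Review bot: the `body:` query repeats `process="*comsvcs*"` in each of its three OR branches, so the nesting hides a simpler shape; it factors to `index=* process="*comsvcs*" (process="*MiniDump*" OR process="*#24*" OR process="*full*")`, which reads more clearly and makes it explicit that the broad `*full*` token is only ever evaluated together with the comsvcs match. A short comment next to the query noting that `#24` is the ordinal form of the `MiniDump` export would also help readers understand why both branches are needed.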
@@ -92,9 +91,10 @@ logsource:
92
91
audit:
93
92
source: Windows Security Event Log
94
93
enable: Computer Configuration -> Windows Settings -> Security Settings -> Advanced Audit Policy Configuration -> System Audit Policies -> Detailed Tracking -> Audit Process
body: index=* ((((process="*comsvcs*") AND (process="*MiniDump*")) OR ((process="*comsvcs*") AND (process="*#24*"))) OR ((process="*comsvcs*") AND (process="*full*")))
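Review bot: the `enable:` path under `audit:` stops at Detailed Tracking -> Audit Process, but the query matches on command-line tokens (`*comsvcs*`, `*MiniDump*`, `*#24*`, `*full*`), and the process-creation event in the Windows Security Event Log only carries the command line when "Include command line in process creation events" (Computer Configuration -> Administrative Templates -> System -> Audit Process Creation) is also turned on; add that second setting to the `enable:` line, otherwise the rule silently matches nothing on hosts with default auditing. The `body:` line also appears both above `logsource:` and after `enable:` in this diff; confirm that only one copy remains in the rendered example.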
@@ -125,9 +125,6 @@ To submit your pull request with your ideas or suggestions for changes, take the
125
125
126
126
Thank you for your contribution to the RootA project!
127
127
128
-
## Questions & Feedback
129
-
Please submit your technical feedback and suggestions to support@socprime.com or a **RootA** channel in [SOC Prime’s Discord](https://discord.gg/socprime). Also, refer to the [guidance for contributors](#how-to-contribute) to support the RootA project or simply [report issues](https://github.com/UncoderIO/RootA/issues).
130
-
131
128
## Maintainers
132
129
Driving the idea of establishing a unified language and toolkit for threat detection and response since 2015, SOC Prime team has developed RootA from the ground up, with major contributions to the project made by:
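Review bot: removing the "Questions & Feedback" section drops the only visible pointers to support@socprime.com, the RootA channel in SOC Prime's Discord and the GitHub issues link, and leaves "Thank you for your contribution to the RootA project!" running straight into "## Maintainers"; if the intent is to consolidate contact information, move the issues and Discord links into the contributing section rather than deleting them, and state the reason for the removal in the commit message.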