honeymoose/OpenSearch
1
0
Fork 0
mirror of https://github.com/honeymoose/OpenSearch.git synced 2025-02-17 10:25:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

[DOCS] Reword in EQL threat detection example

Browse Source
This commit is contained in:
James Rodewig 2020-08-14 15:50:31 -04:00
parent d0810cca19
commit 290adcd25e
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
docs/reference/eql/detect-threats-with-eql.asciidoc
View File

@ -147,9 +147,9 @@ register a script, `RegSvr32.sct`. This fits the behavior of a
https://attack.mitre.org/techniques/T1218/010/["Squiblydoo" attack], a known https://attack.mitre.org/techniques/T1218/010/["Squiblydoo" attack], a known
variant of `regsvr32` misuse. variant of `regsvr32` misuse.
The query also retrieved other valuable information about how the `regsvr32.exe` The response also includes other valuable information about how the
process started, such as the `@timestamp`, the associated `user.id`, and the `regsvr32.exe` process started, such as the `@timestamp`, the associated
`process.parent.name`. `user.id`, and the `process.parent.name`.
[source,console-result] [source,console-result]
---- ----