honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[DOCS] Reword in EQL threat detection example

This commit is contained in:
James Rodewig 2020-08-14 15:50:31 -04:00
parent d0810cca19
commit 290adcd25e
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
docs/reference/eql/detect-threats-with-eql.asciidoc
View File

@ -147,9 +147,9 @@ register a script, `RegSvr32.sct`. This fits the behavior of a
https://attack.mitre.org/techniques/T1218/010/["Squiblydoo" attack], a known
variant of `regsvr32` misuse.
The query also retrieved other valuable information about how the `regsvr32.exe`
process started, such as the `@timestamp`, the associated `user.id`, and the
`process.parent.name`.
The response also includes other valuable information about how the
`regsvr32.exe` process started, such as the `@timestamp`, the associated
`user.id`, and the `process.parent.name`.
[source,console-result]
----