island: Modify mongo query so 'Account Discovery' PBA also gets reported in T1086

Shreya Malviya 2021-10-13 13:37:39 +05:30
parent e3045c255a
commit effd9dd957
1 changed files with 1 additions and 0 deletions


@ -42,6 +42,7 @@ class T1086(AttackTechnique):
"telem_category": "post_breach", "telem_category": "post_breach",
"$or": [ "$or": [
{"data.command": {"$regex": r"\.ps1"}}, {"data.command": {"$regex": r"\.ps1"}},
{"data.command": {"$regex": "powershell"}},
{"data.result": {"$regex": r"\.ps1"}}, {"data.result": {"$regex": r"\.ps1"}},
], ],
}, },
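Review bot: The added `{"data.command": {"$regex": "powershell"}}` clause is case-sensitive, because MongoDB `$regex` matches case-sensitively unless options are given, so a post-breach command recorded as `PowerShell` or `POWERSHELL.EXE` would not be reported under T1086. Windows resolves the executable name regardless of case, so the report query should as well: `{"data.command": {"$regex": "powershell", "$options": "i"}},`. The unanchored substring also matches any command that merely contains the word, so a one-line comment naming the PBA this clause is meant to catch would make the intent clear to the next maintainer. The query dict starts and ends outside the hunk, so this is based only on the visible `$or` list.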