p15693087
/
monkey
forked from p15670423/monkey
1
0
Fork 0
Code Issues Pull Requests 1 Projects Releases Wiki Activity

island: Modify mongo query so 'Account Discovery' PBA also gets reported in T1086

This commit is contained in:
Shreya Malviya 2021-10-13 13:37:39 +05:30
parent e3045c255a
commit effd9dd957
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
monkey/monkey_island/cc/services/attack/technique_reports/T1086.py
View File

@ -42,6 +42,7 @@ class T1086(AttackTechnique):
"telem_category": "post_breach", "telem_category": "post_breach",
"$or": [ "$or": [
{"data.command": {"$regex": r"\.ps1"}}, {"data.command": {"$regex": r"\.ps1"}},
{"data.command": {"$regex": "powershell"}},
{"data.result": {"$regex": r"\.ps1"}}, {"data.result": {"$regex": r"\.ps1"}},
], ],
}, },