island: Change mongo query to include 'Modify Shell Startup Files' PBA in T1086's report

2021-10-11 17:29:46 +05:30 · 2021-10-11 17:29:46 +05:30 · 3b11637f16
parent 7fa917581c
commit 3b11637f16
1 changed files with 4 additions and 1 deletions
--- a/monkey/monkey_island/cc/services/attack/technique_reports/T1086.py
+++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1086.py
@ -40,7 +40,10 @@ class T1086(AttackTechnique):
        {
            "$match": {
                "telem_category": "post_breach",
-                "data.command": {"$regex": r"\.ps1"},
+                "$or": [
+                    {"data.command": {"$regex": r"\.ps1"}},
+                    {"data.result": {"$regex": r"\.ps1"}},
+                ],
            },
        },
        {