p17860254
/
monkey
forked from p15670423/monkey
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

island: Change mongo query to include 'Modify Shell Startup Files' PBA in T1086's report

This commit is contained in:
Shreya Malviya 2021-10-11 17:29:46 +05:30
parent 7fa917581c
commit 3b11637f16
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
monkey/monkey_island/cc/services/attack/technique_reports/T1086.py
View File

@ -40,7 +40,10 @@ class T1086(AttackTechnique):
{ {
"$match": { "$match": {
"telem_category": "post_breach", "telem_category": "post_breach",
"data.command": {"$regex": r"\.ps1"}, "$or": [
{"data.command": {"$regex": r"\.ps1"}},
{"data.result": {"$regex": r"\.ps1"}},
],
}, },
}, },
{ {