Merge pull request #557 from Yamato-Security/fix-broken-pipe-typo

fix broken pipe typo
Yamato-Security · Dec 20, 2023 · 67a05b7 · 67a05b7
2 parents 3eba70a + e1d3e24
commit 67a05b7
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/config/default_details.txt b/config/default_details.txt
@@ -60,8 +60,8 @@ Microsoft-Windows-Sysmon, 9, Proc: %Image% ¦ Device: %Device% ¦ PID: %ProcessI
 Microsoft-Windows-Sysmon, 10, SrcProc: %SourceImage% ¦ TgtProc: %TargetImage% ¦ SrcUser: %SourceUser% ¦ TgtUser: %TargetUser% ¦ Access: %GrantedAccess% ¦ SrcPID: %SourceProcessId% ¦ SrcPGUID: %SourceProcessGUID% ¦ TgtPID: %TargetProcessId% ¦ TgtPGUID: %TargetProcessGUID%
 Microsoft-Windows-Sysmon, 11, Path: %TargetFilename% ¦ Proc: %Image% ¦ PID: %ProcessId% ¦ PGUID: %ProcessGuid%
 Microsoft-Windows-Sysmon, 12, EventType: %EventType% ¦ TgtObj: %TargetObject% ¦ Proc: %Image% ¦ PID: %ProcessId% ¦ PGUID: %ProcessGuid%
-Microsoft-Windows-Sysmon, 13, EventType: %EventType% ¦ TgtObj: %TargetObject%: %Details% ¦ Proc: %Image% ¦ PID: %ProcessId% ¦ PGUID: %ProcessGuid%
-Microsoft-Windows-Sysmon, 14, EventType: %EventType% ¦ TgtObj: %TargetObject%: %Details% ¦ Proc: %Image% ¦ PID: %ProcessId% ¦ PGUID: %ProcessGuid%
+Microsoft-Windows-Sysmon, 13, EventType: %EventType% ¦ TgtObj: %TargetObject% ¦ %Details% ¦ Proc: %Image% ¦ PID: %ProcessId% ¦ PGUID: %ProcessGuid%
+Microsoft-Windows-Sysmon, 14, EventType: %EventType% ¦ TgtObj: %TargetObject% ¦ %Details% ¦ Proc: %Image% ¦ PID: %ProcessId% ¦ PGUID: %ProcessGuid%
 Microsoft-Windows-Sysmon, 15, Path: %TargetFilename% ¦ Proc: %Image% ¦ PID: %ProcessId% ¦ PGUID: %ProcessGuid% ¦ Hash: %Hash%
 Microsoft-Windows-Sysmon, 16, Config: %Configuration%
 Microsoft-Windows-Sysmon, 17, Pipe: %PipeName% ¦ Proc: %Image% ¦ PID: %ProcessId% ¦ PGUID: %ProcessGuid%

diff --git a/hayabusa/sysmon/Sysmon_13_RegKeyValueSet_RuleAlert.yml b/hayabusa/sysmon/Sysmon_13_RegKeyValueSet_RuleAlert.yml
@@ -6,7 +6,7 @@ title: 'Reg Key Value Set (Sysmon Alert)'
 description: |
     This Registry event type identifies Registry value modifications.
     The event records the value written for Registry values of type DWORD and QWORD.
-details: 'Rule: %RuleName% ¦ EventType: %EventType% ¦ TgtObj: %TargetObject%: %Details% ¦ Proc: %Image% ¦ PID: %ProcessId% ¦ PGUID: %ProcessGuid%'
+details: 'Rule: %RuleName% ¦ EventType: %EventType% ¦ TgtObj: %TargetObject% ¦ %Details% ¦ Proc: %Image% ¦ PID: %ProcessId% ¦ PGUID: %ProcessGuid%'
 
 id: 78431930-a5c6-46ae-b02c-fcdc2a7325c2
 level: medium