rblader

Problems logging rules

2

Borrowing from examples posted in https://github.com/microsoft/MSTIC-Sysmon/blob/main/linux/configs/main.xml, I've found rule names such as: \ \touch\ \ This gets truncated in syslog at to: \TechniqueID=T1070.006,TechniqueName=Indi To shorten the message I tried: \...

I stumbled upon a way to copy a file (ASCII script, it does not work as well with binaries) from a remote server and execute it without ever creating anything...