Giters

SwiftOnSecurity / sysmon-config

Sysmon configuration file template with default high-quality event tracing

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Possible Typo - Line 509

mc22catch opened this issue · comments

commented

Not sure if this is correct or not, but line 509 has ".rft"

It's in reference to RTF files, which should be .rtf.

sysmon-config/sysmonconfig-export.xml

Line 509 in 1c1e0ec

<TargetFilename condition="end with">.rft</TargetFilename> <!--RTF files often 0day malware vectors when opened by Office-->

commented

Apologies. It was corrected already in the z-AlphaVersion.xml