Nxlog windows binaries properties/metadata

#1 juju43

Hello,

When using sysmon and nxlog, nxlog.exe is triggering alerts for suspicious file characteristics from sigma
https://github.com/Neo23x0/sigma/blob/master/rules/windows/sysmon/sysmon_susp_file_characteristics.yml

The nxlog.exe binary (others?) has missing property fields like product, fileversion, company, description.

Having those along with a binary signature would be great!

Thanks a lot for the great work!
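To see which binaries in an install directory lack the version-resource fields listed in the post, and whether they carry a valid Authenticode signature, a check along these lines can be used. It is an added example, not part of the original thread or of NXLog, and the default install path is an assumption.

```powershell
# Added example: list binaries with empty version-resource fields or no valid signature.
param(
    # Assumed install directory; change it to the actual NXLog location.
    [string]$Path = 'C:\Program Files\nxlog'
)

# The four properties named in the post, under their FileVersionInfo property names.
$fields = 'ProductName', 'FileVersion', 'CompanyName', 'FileDescription'

Get-ChildItem -Path $Path -Recurse -File -Include *.exe, *.dll -ErrorAction SilentlyContinue |
    ForEach-Object {
        $file = $_
        $vi   = $file.VersionInfo

        # Collect every field that is absent or blank in the version resource.
        $missing = @($fields | Where-Object { [string]::IsNullOrWhiteSpace($vi.$_) })

        # Authenticode status: Valid, NotSigned, HashMismatch, etc.
        $sig = Get-AuthenticodeSignature -FilePath $file.FullName

        [pscustomobject]@{
            File          = $file.FullName
            MissingFields = $missing -join ', '
            Signature     = $sig.Status
            Signer        = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        }
    } |
    # Keep only binaries that would stand out: missing metadata or no valid signature.
    Where-Object { $_.MissingFields -or $_.Signature -ne 'Valid' } |
    Format-Table -AutoSize -Wrap
```

An empty result means every binary under the path has all four fields populated and a valid signature.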

#2 manuel.munoz (Deactivated) Nxlog ✓

Hi Juju,

Thanks for the suggestion, I will make it reach the appropriate team.