
Hello,

When using Sysmon and NXLog, nxlog.exe is triggering alerts for suspicious file characteristics from Sigma:
https://github.com/Neo23x0/sigma/blob/master/rules/windows/sysmon/sysmon_susp_file_characteristics.yml

The nxlog.exe binary (others?) has missing property fields like product, fileversion, company, description.

Having those along with a binary signature would be great!

Thanks a lot for the great work!

Asked November 24, 2019 - 5:10pm

Answer (1)