Update windows.json #89

Merged
EFA006 merged 4 commits into main from stoysec-patch-72
Mar 12, 2026

@stoysec stoysec commented Feb 19, 2026

New rule - PowerShell Remoting

@stoysec stoysec requested a review from EFA006 February 19, 2026 10:21
@EFA006 EFA006 added the Detection Rules (The creation of new detection rules) label Feb 19, 2026

@EFA006 EFA006 left a comment

Hi @stoysec,

What do you think if we rename the rule to 'Remote Execution via WinRM' or 'WinRM Remote Command Execution Detected'?

Given that the rule detects more than PowerShell remoting?

stoysec commented Mar 12, 2026

Hi @EFA006

Thanks for your comment, I'll modify it to 'Remote Execution via WinRM' - it is indeed more accurate and covers both PowerShell and other remote commands.

@EFA006 EFA006 merged commit b562b7c into main Mar 12, 2026
1 check passed