admin/RmEye
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update prcoess_chain_detect.py

Browse Source
This commit is contained in:
huoji
2022-08-29 20:00:02 +08:00
parent 5b4f9c32c4
commit ae90a158bd
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Server/plugins/uac_bypass_detect/prcoess_chain_detect.py
View File

@@ -30,7 +30,7 @@ def rule_new_process_create(current_process: process.Process, host, raw_log_data
print('[uac bypass detect] detect uac bypass in process chain {}'.format( print('[uac bypass detect] detect uac bypass in process chain {}'.format(
current_process.path)) current_process.path))
current_process.chain.root_process.plugin_var['uac_flag'] = integritylevel current_process.chain.root_process.plugin_var['uac_flag'] = integritylevel
current_process.set_score(300, "[UAC提权]进程权限等级变动") current_process.set_score(30, "进程权限等级变动")
return global_vars.THREAT_TYPE_PROCESS return global_vars.THREAT_TYPE_PROCESS
# print('process chain: {} path: {} level: {} log level: {}'.format( # print('process chain: {} path: {} level: {} log level: {}'.format(
# current_process.chain_hash, current_process.path, integritylevel, current_process.chain.root_process.plugin_var['uac_flag'])) # current_process.chain_hash, current_process.path, integritylevel, current_process.chain.root_process.plugin_var['uac_flag']))