Commit

Update Attire-ExecutionLogger.psm1
"Process ID", "Exit Code" and "Is Timeout" values have been added to Attire-Logging. The reason for this addition is to easily find the attacks triggered by "Invoke-Atomic" with the detection rules on SIEM.
krdmnbrk authored Oct 12, 2024
1 parent 8cb890b commit e729aa0
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions Public/Attire-ExecutionLogger.psm1
Expand Up @@ -82,6 +82,9 @@ function Write-ExecutionLog($startTime, $stopTime, $technique, $testNum, $testNa
'time-stop' = $stopTime
'executor' = $testExecutor
'command' = $command
'process-id' = $res.ProcessId
'exit-code' = $res.ExitCode
'is-timeout' = $res.IsTimeout
'output' = @()
}
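
Review bot: The three new entries read `$res.ProcessId`, `$res.ExitCode` and `$res.IsTimeout` with no check that `$res` is populated, and the visible part of the `Write-ExecutionLog` signature is cut off before any `$res` parameter can be confirmed. If `$res` is `$null` or lacks these properties, the keys are written with empty values, so a SIEM rule matching on `exit-code` or `is-timeout` cannot tell "no data" from a real result; consider adding the keys only when `$res` is set, or documenting the empty case next to the hashtable. Process IDs are reused by the operating system, so it is worth noting in the module documentation that `process-id` should be correlated together with the step's timestamps (such as `time-stop`) rather than on its own.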
