Skip to content

Commit efb2dc0

Browse files
authored
Merge pull request #11440 from Azure/v-visodadasi/MaliciousURL
Removed the broken URL in Endpoint Threat Protection Essentials
2 parents 7cb8aa3 + 2bcaae2 commit efb2dc0

File tree

5 files changed

+247
-244
lines changed

5 files changed

+247
-244
lines changed

Solutions/Endpoint Threat Protection Essentials/Analytic Rules/MacroInvokingShellBrowserWindowCOMObjects.yaml

Lines changed: 2 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,8 +1,7 @@
11
id: e7470b35-0128-4508-bfc9-e01cfb3c2eb7
22
name: Detecting Macro Invoking ShellBrowserWindow COM Objects
33
description: |
4-
'This query detects a macro invoking ShellBrowserWindow COM Objects evade naive parent/child Office detection rules.
5-
Ref: https://blog.menasec.net/2019/02/threat-hunting-doc-with-macro-invoking.html'
4+
'This query detects a macro invoking ShellBrowserWindow COM Objects evade naive parent/child Office detection rules.'
65
severity: Medium
76
status: Available
87
requiredDataConnectors:
@@ -45,5 +44,5 @@ entityMappings:
4544
fieldMappings:
4645
- identifier: Name
4746
columnName: User
48-
version: 1.0.3
47+
version: 1.0.4
4948
kind: Scheduled
Binary file not shown.

Solutions/Endpoint Threat Protection Essentials/Package/createUiDefinition.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -142,7 +142,7 @@
142142
"name": "analytic5-text",
143143
"type": "Microsoft.Common.TextBlock",
144144
"options": {
145-
"text": "This query detects a macro invoking ShellBrowserWindow COM Objects evade naive parent/child Office detection rules.\nRef: https://blog.menasec.net/2019/02/threat-hunting-doc-with-macro-invoking.html"
145+
"text": "This query detects a macro invoking ShellBrowserWindow COM Objects evade naive parent/child Office detection rules."
146146
}
147147
}
148148
]

0 commit comments

Comments
 (0)