Added rules to detect lolbas provlaunch.exe and also filter on legitimate system non-wmiprvse processes loading WMI modules #13120
sigma-test.yml
on: pull_request
yamllint                                   25s
test-sigma                                 7m 21s
check-baseline-win7                        5s
check-baseline-win10                       2m 4s
check-baseline-win11                       3m 8s
check-baseline-win2022                     32s
check-baseline-win2022-domain-controller   54s
check-baseline-win2022-0-20348-azure       4m 5s