Updated detected events

2019-05-03 12:21:17 -03:00
parent 712b25e9f4
commit e3cb0142c6
1 changed files with 4 additions and 1 deletions
--- a/README.md
+++ b/README.md
@ -96,8 +96,11 @@ See 'Logging setup' section below for how to configure these logs
  * Suspicious service creation
  * Service creation errors
  * Stopping/starting the Windows Event Log service (potential event log manipulation)
+* Mimikatz
+  * `lsadump::sam`
+  * `token::elevate`
 * EMET & Applocker Blocks
-* Sensitive Privilege Use (Mimikatz)
+

 ...and more