From 4379ca28b520a5df541ce41948095ede0fcdbf39 Mon Sep 17 00:00:00 2001
From: pyllyukko <pyllyukko@maimed.org>
Date: Thu, 28 Nov 2024 13:51:43 +0200
Subject: [PATCH] Added Sigma mapping for
 certificateservicesclient-lifecycle-system (#3223)

---
 data/sigma_config.yaml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/data/sigma_config.yaml b/data/sigma_config.yaml
index fde109f3fa..e555300fe1 100644
--- a/data/sigma_config.yaml
+++ b/data/sigma_config.yaml
@@ -78,6 +78,11 @@ logsources:
     product: windows
     conditions:
       data_type: "windows:evtx:record"
+  service_windows_certificate_services:
+    service: certificateservicesclient-lifecycle-system
+    conditions:
+      source_name:
+        - "Microsoft-Windows-CertificateServicesClient-Lifecycle-System"
   service_windows_security:
     service: security
     conditions: