Updated after successful CICD run 05/05/2022 13:49:54

Azure Pipeline · Azure Pipeline · commit b3affb47f6e2 · 2022-05-05T13:49:54.000Z
diff --git a/sysmonconfig.xml b/sysmonconfig.xml
@@ -1415,7 +1415,6 @@
         <TargetObject name="technique_id=T1137.006,technique_name=Add-ins" condition="contains all">\Microsoft\Office;\Outlook\Addins</TargetObject>
         <TargetObject name="technique_id=T1137.006,technique_name=Add-ins" condition="contains">\Software\Microsoft\VSTO\Security\Inclusion</TargetObject>
         <TargetObject name="technique_id=T1137.006,technique_name=Add-ins" condition="contains">\Software\Microsoft\VSTO\SolutionMetadata</TargetObject>
-        <TargetObject name="technique_name=Outlook Server 95/98 Identity Keys" condition="contains">Identities</TargetObject>
         <TargetObject condition="contains all">HKCU\SOFTWARE\Microsoft\Office\;\Outlook\Profiles\;\9375CFF0413111d3B88A00104B2A6676\;\Account Name</TargetObject>
         <TargetObject condition="contains all">HKCU\SOFTWARE\Microsoft\Office\;\Outlook\Profiles\;\9375CFF0413111d3B88A00104B2A6676\;\Display Name</TargetObject>
         <TargetObject condition="contains all">HKCU\SOFTWARE\Microsoft\Office\;\Outlook\Profiles\;\9375CFF0413111d3B88A00104B2A6676\;\Email</TargetObject>
@@ -1443,13 +1442,13 @@
         <TargetObject condition="contains">software\microsoft\Office test\special\perf\</TargetObject>
         <TargetObject condition="contains all">hkcu\software\microsoft\office\;\Options\OPEN</TargetObject>
         <TargetObject name="technique_id=T1137.006,technique_name=Add-ins" condition="contains all">\Microsoft\Office;\PowerPoint\Addins</TargetObject>
-        <TargetObject name="T1559.002,office" condition="end with">\Word\Security\AllowDDE</TargetObject>
-        <TargetObject name="T1559.002,office" condition="end with">\Excel\Security\DisableDDEServerLaunch</TargetObject>
-        <TargetObject name="T1559.002,office" condition="end with">\Excel\Security\DisableDDEServerLookup</TargetObject>
-        <TargetObject name="T1562,office" condition="end with">\VBAWarnings</TargetObject>
-        <TargetObject name="T1562,office" condition="end with">\DisableInternetFilesInPV</TargetObject>
-        <TargetObject name="T1562,office" condition="end with">\DisableUnsafeLocationsInPV</TargetObject>
-        <TargetObject name="T1562,office" condition="end with">\DisableAttachementsInPV</TargetObject>
+        <TargetObject name="T1559.002,technique_name=Dynamic Data Exchange" condition="end with">\Word\Security\AllowDDE</TargetObject>
+        <TargetObject name="T1559.002,technique_name=Dynamic Data Exchange" condition="end with">\Excel\Security\DisableDDEServerLaunch</TargetObject>
+        <TargetObject name="T1559.002,technique_name=Dynamic Data Exchange" condition="end with">\Excel\Security\DisableDDEServerLookup</TargetObject>
+        <TargetObject name="T1562.001,technique_name=Disable or Modify Tools" condition="end with">\VBAWarnings</TargetObject>
+        <TargetObject name="T1562.001,technique_name=Disable or Modify Tools" condition="end with">\DisableInternetFilesInPV</TargetObject>
+        <TargetObject name="T1562.001,technique_name=Disable or Modify Tools" condition="end with">\DisableUnsafeLocationsInPV</TargetObject>
+        <TargetObject name="T1562.001,technique_name=Disable or Modify Tools" condition="end with">\DisableAttachementsInPV</TargetObject>
         <TargetObject name="technique_id=T1021.001,technique_name=Remote Desktop Protocol" condition="is">HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\MaxInstanceCount</TargetObject>
         <TargetObject name="technique_id=T1021.001,technique_name=Remote Desktop Protocol" condition="is">HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\RaunSolicit</TargetObject>
         <TargetObject name="technique_id=T1112,technique_name=Modify Registry" condition="begin with">HKLM\SYSTEM\CurrentControlSet\services\TermService\Parameters\ServiceDll</TargetObject>
