[client] feat(SCV): review keywords process (#4266)

gabriel-peze · gabriel-peze · commit 3d4060a7b3d0 · 2025-12-16T14:55:45.000+01:00
diff --git a/pyoaev/security_domain/builder.py b/pyoaev/security_domain/builder.py
@@ -9,11 +9,8 @@ def _find_in_keywords(self, keywords, search):
     # Define the domain by item
     def get_associated_security_domains(self, name, description):
         domains = []
+        domains.append(SecurityDomains.ENDPOINT.value)
 
-        if self._find_in_keywords(
-            SecurityDomainsKeyWords.ENDPOINT, name
-        ) or self._find_in_keywords(SecurityDomainsKeyWords.ENDPOINT, description):
-            domains.append(SecurityDomains.ENDPOINT.value)
         if self._find_in_keywords(
             SecurityDomainsKeyWords.NETWORK, name
         ) or self._find_in_keywords(SecurityDomainsKeyWords.NETWORK, description):
@@ -43,7 +40,5 @@ def get_associated_security_domains(self, name, description):
         ) or self._find_in_keywords(SecurityDomainsKeyWords.CLOUD, description):
             domains.append(SecurityDomains.CLOUD.value)
 
-        if 0 == len(domains):
-            domains.append(SecurityDomains.ENDPOINT.value)
 
         return domains
diff --git a/pyoaev/security_domain/types.py b/pyoaev/security_domain/types.py
@@ -2,39 +2,6 @@
 
 
 class SecurityDomainsKeyWords(Enum):
-    ENDPOINT = [
-        "lsass",
-        "registry",
-        "dll injection",
-        "kernel",
-        "winlogon",
-        "scheduled task",
-        "wmi",
-        "powershell",
-        "process injection",
-        "credential dumping",
-        "rootkit",
-        "startup folder",
-        "bits jobs",
-        "removable media",
-        "hardware additions",
-        "browser extension",
-        "firmware",
-        "bootkit",
-        "master boot record",
-        "clipboard",
-        "screen capture",
-        "audio capture",
-        "video capture",
-        "disk wipe",
-        "ransomware",
-        "debugger evasion",
-        "sandbox evasion",
-        "reflective code",
-        "access token",
-        "system binary proxy",
-        "Bitsadmin Download (PowerShell)",
-    ]
     NETWORK = [
         "lateral movement",
         "packet sniff",
