From 045e87058b00aecd534e76fa9e9b966eaa1b5182 Mon Sep 17 00:00:00 2001
From: frack113 <62423083+frack113@users.noreply.github.com>
Date: Wed, 22 Sep 2021 08:40:08 +0200
Subject: [PATCH] add definition

---
 .../powershell_memorydump_getstoragediagnosticinfo.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/rules/windows/powershell/powershell_memorydump_getstoragediagnosticinfo.yml b/rules/windows/powershell/powershell_memorydump_getstoragediagnosticinfo.yml
index c31fc8027..79ef1050f 100644
--- a/rules/windows/powershell/powershell_memorydump_getstoragediagnosticinfo.yml
+++ b/rules/windows/powershell/powershell_memorydump_getstoragediagnosticinfo.yml
@@ -11,6 +11,7 @@ author: Max Altgelt
 logsource:
     product: windows
     service: powershell
+    definition: Script block logging must be enabled
 detection:
     dump:
         EventID: 4104
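Review bot: The added `definition` states the prerequisite but not how an analyst verifies it, and since the detection keys on `EventID: 4104` the reader has to know that this is the Script Block Logging event in the Microsoft-Windows-PowerShell/Operational channel. I would make the line self-contained: `definition: 'Script block logging must be enabled (Group Policy "Turn on PowerShell Script Block Logging"; events are logged as 4104 in Microsoft-Windows-PowerShell/Operational)'`. It is also worth a caveat that PowerShell 5+ logs a subset of script blocks it classifies as suspicious as 4104 at Warning level even without the policy, so coverage without the policy is partial rather than absent, which matters when this rule is used to judge logging readiness. The `dump` selection under `detection` continues past the end of the hunk, so the remaining selection fields were not reviewed.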