security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'aurora-false-positive-fixing' of https://github.com/SigmaHQ/sigma into aurora-false-positive-fixing

Browse Source
This commit is contained in:
Florian Roth
2022-02-08 09:35:12 +01:00
parent 69fcbc138e c69613696f
commit 047b928ab0
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/raw_access_thread/sysmon_raw_disk_access_using_illegitimate_tools.yml
+1
View File
@@ -52,6 +52,7 @@ detection:
- 'C:\Windows\System32\dllhost.exe'
- 'C:\Windows\System32\DeviceCensus.exe'
- 'C:\Windows\System32\MpSigStub.exe'
- 'C:\Windows\UUS\amd64\MoUsoCoreWorker.exe'
filter_system:
Image: 'System'
filter_Keybase: