security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity

Updated at command rule to use Image field

Browse Source
This commit is contained in:
Roberto Rodriguez
2021-10-15 15:46:59 -04:00
parent aa0a5b8204
commit 04ff9ae692
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/linux/at_command.yml → rules/linux/process_creation/at_command.yml
+1 -1
View File
@@ -11,7 +11,7 @@ logsource:
category: process_creation
detection:
selection:
ProcessName|endswith:
Image|endswith:
- '/at'
- '/atd'
condition: selection