security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Deleted EventID part

Browse Source
This commit is contained in:
Furkan ÇALIŞKAN
2020-06-04 18:19:08 +03:00
committed by GitHub
parent 1c677aa172
commit 0744107fbb
1 changed files with 0 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/sysmon/sysmon_apt_muddywater_dnstunnel.yml
-1
View File
@@ -13,7 +13,6 @@ logsource:
product: windows
detection:
selection:
EventID: 1
Image|endswith:
- '\powershell.exe'
ParentImage|endswith: