From 0c934ea455e2fa5f13ed4309dc1bc0af8a7b9d26 Mon Sep 17 00:00:00 2001
From: Timur Zinniatullin <zinin.t@gmail.com>
Date: Sun, 18 Oct 2020 18:54:31 +0300
Subject: [PATCH] Update win_invoke_obfuscation_via_rundll.yml

---
 .../process_creation/win_invoke_obfuscation_via_rundll.yml      | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rules/windows/process_creation/win_invoke_obfuscation_via_rundll.yml b/rules/windows/process_creation/win_invoke_obfuscation_via_rundll.yml
index a21a4e10b..80b0a0253 100644
--- a/rules/windows/process_creation/win_invoke_obfuscation_via_rundll.yml
+++ b/rules/windows/process_creation/win_invoke_obfuscation_via_rundll.yml
@@ -20,4 +20,4 @@ detection:
     condition: selection
 falsepositives:
     - Unknown
-level: high 
\ No newline at end of file
+level: medium