security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

wrong field name

Browse Source
This commit is contained in:
Florian Roth
2020-11-28 10:10:00 +01:00
committed by GitHub
parent 84dc11ca98
commit 1ea4bb0b87
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/process_creation/win_susp_file_download_via_gfxdownloadwrapper.yml
+1 -1
View File
@@ -15,7 +15,7 @@ detection:
cmd_known_url:
CommandLine|contains: 'gameplayapi.intel.com'
same_parent:
ParentProcessName|endswith: '\GfxDownloadWrapper.exe'
ParentImage|endswith: '\GfxDownloadWrapper.exe'
condition: image_path and not cmd_known_url and not same_parent
fields:
- CommandLine