From 24d73a5f8a7efaa32d95b03a0e202c2f52891ae0 Mon Sep 17 00:00:00 2001
From: frack113
Date: Tue, 30 Nov 2021 15:10:36 +0100
Subject: [PATCH] Add definition info
---
 rules/windows/builtin/win_usb_device_plugged.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rules/windows/builtin/win_usb_device_plugged.yml b/rules/windows/builtin/win_usb_device_plugged.yml
index 95ef20e3d..cf9013bb7 100644
--- a/rules/windows/builtin/win_usb_device_plugged.yml
+++ b/rules/windows/builtin/win_usb_device_plugged.yml
@@ -11,7 +11,7 @@ modified: 2021/11/30
 logsource:
 product: windows
 service: driver-framework
- definition: mapping Provider_Name: 'Microsoft-Windows-DriverFrameworks-UserMode/Operational'
+ definition: mapping Provider_Name 'Microsoft-Windows-DriverFrameworks-UserMode/Operational'
 detection:
 selection:
 EventID:
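Review bot: The new `definition` value on the `+` line is still an unquoted plain scalar, which is presumably why the colon after `Provider_Name` had to be dropped: a `: ` inside a plain scalar is read by YAML parsers as the start of a nested mapping. Quoting the whole value keeps the original wording and avoids the problem, e.g. `definition: "mapping Provider_Name: 'Microsoft-Windows-DriverFrameworks-UserMode/Operational'"`. Because `definition` is free text for whoever deploys the rule and is not evaluated as part of the detection, it would also help to say outright that the `driver-framework` service must be mapped to that channel. The visible selection begins with `EventID` only, so an unmapped log source could match unrelated events that share the same ID. The detection block continues outside the hunk, so any provider or channel condition further down is not visible here.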