From 24eb0b92be5fe91c196516f8323182fbd356b0d6 Mon Sep 17 00:00:00 2001
From: Ivan Dyachkov
Date: Wed, 14 Oct 2020 16:56:52 +0300
Subject: [PATCH] commented tags
---
 rules/windows/process_creation/win_susp_diskshadow.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rules/windows/process_creation/win_susp_diskshadow.yml b/rules/windows/process_creation/win_susp_diskshadow.yml
index 365c5a9e4..8ba8426a8 100644
--- a/rules/windows/process_creation/win_susp_diskshadow.yml
+++ b/rules/windows/process_creation/win_susp_diskshadow.yml
@@ -4,7 +4,7 @@ status: experimental
 description: Detects using Diskshadow.exe to execute arbitrary code in text file
 references:
 - https://bohops.com/2018/03/26/diskshadow-the-return-of-vss-evasion-persistence-and-active-directory-database-extraction/
-tags:
+#tags:
 # - attack.execution
 # - attack.t1218
 author: Ivan Dyachkov, oscd.community
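Review bot: Commenting out `tags:` leaves this rule with no ATT&CK mapping at all, so it drops out of any coverage report or backend filter that keys on tags. The old bare `tags:` followed only by comments parsed as a null value, so removing the empty key is a reasonable validity fix, but the mapping itself is lost rather than repaired. If the technique mapping is still believed correct, restore the list instead: `tags:` / `    - attack.defense_evasion` / `    - attack.t1218` (T1218 sits under Defense Evasion in ATT&CK, which may be why the original `attack.execution` pairing was disabled). Otherwise add a one-line comment above `#tags:` saying why the tags are disabled, since the commit message does not explain it. The rest of the rule lies outside the hunk, so whether tags are set elsewhere is not visible here.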