security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: broken condition

Browse Source 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
This commit is contained in:
Nasreddine Bencherchali
2023-04-21 14:56:37 +02:00
committed by GitHub
parent cd3d137cc2
commit 266d6630df
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules-emerging-threats/2023/Mint-Sandstorm/proc_creation_win_apt_mint_sandstorm_aspera_faspex_susp_child_process.yml
+1 -1
View File
@@ -109,7 +109,7 @@ detection:
- 'wbadmin'
- 'delete'
- 'catalog'
condition: all of selection_parent_path and (all of selection_special_child_powershell_* or all of selection_special_child_lsass_* or 1 of selection_child_*)
condition: selection_parent and (all of selection_special_child_powershell_* or all of selection_special_child_lsass_* or 1 of selection_child_*)
falsepositives:
- Unlikely
level: critical