Update win_security_susp_lsass_dump_generic.yml

Nasreddine Bencherchali
2023-07-31 10:17:20 +02:00
parent 8dca7aa1ba
commit 2e45a9ca73
@@ -7,7 +7,7 @@ references:
- https://www.slideshare.net/heirhabarov/hunting-for-credentials-dumping-in-windows-environment
author: Roberto Rodriguez, Teymur Kheirkhabarov, Dimitrios Slamaris, Mark Russinovich, Aleksey Potapov, oscd.community (update)
date: 2019/11/01
modified: 2023/03/23
modified: 2023/07/31
tags:
- attack.credential_access
- car.2019-04-004
@@ -90,6 +90,9 @@ detection:
ProcessName|contains: '\AppData\Local\Temp\is-'
ProcessName|endswith: '\avira_system_speedup.tmp'
AccessList|contains: '%%4484'
filter_snmp:
ProcessName: 'C:\Windows\System32\snmp.exe'
AccessList|contains: '%%4484'
condition: 1 of selection_* and not 1 of filter_*
falsepositives:
- Legitimate software accessing LSASS process for legitimate reason; update the whitelist with it
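Review bot: The new `filter_snmp` block excludes LSASS handle events from `snmp.exe` without stating why, and the `falsepositives` entry beneath it stays generic, so a later maintainer cannot tell whether the exclusion is still justified. Record the rationale in the rule itself: a comment above the block such as `# Windows SNMP service opens lsass.exe with PROCESS_VM_READ (%%4484 / 0x10) during normal operation` and a bullet under falsepositives like `- Windows SNMP service (snmp.exe) reading LSASS memory`. The exact `ProcessName` match on the full System32 path is deliberately tighter than the `|endswith` pattern used by the neighbouring avira filter; noting that intent in the comment keeps someone from "harmonising" it to a suffix match, which would widen the exclusion to any binary of that name in any directory. The `detection:` mapping begins before this hunk, so the other `filter_*` blocks it is compared against are not visible here.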