security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update rules/windows/process_creation/proc_creation_win_rar_susp_greedy.yml

Browse Source 
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
This commit is contained in:
Florian Roth
2022-12-27 15:46:37 +01:00
committed by GitHub
parent 47572e08c8
commit 32a17342b4
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/process_creation/proc_creation_win_rar_susp_greedy.yml
+2 -1
View File
@@ -27,7 +27,8 @@ detection:
- ' -r ' # recursive
selection_folders:
CommandLine|contains:
- ' C:\\*.'
- ' C:\\\*.'
- ' C:\\\\\*.'
- ' C:\Users\Public\'
- ' %public%'
- ' C:\Windows\'