From 33db032a160b6e87e3579a0231b0075a6b23fa57 Mon Sep 17 00:00:00 2001
From: yugoslavskiy
Date: Thu, 14 Mar 2019 00:44:26 +0100
Subject: [PATCH] added missed service
---
 rules/windows/builtin/win_hack_smbexec.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/rules/windows/builtin/win_hack_smbexec.yml b/rules/windows/builtin/win_hack_smbexec.yml
index d4d0368a7..c9959e71a 100644
--- a/rules/windows/builtin/win_hack_smbexec.yml
+++ b/rules/windows/builtin/win_hack_smbexec.yml
@@ -11,6 +11,7 @@ tags:
 - attack.t1035
 logsource:
 product: windows
+ service: system
 detection:
 service_installation:
 EventID: 7045
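Review bot: The new `service: system` key under `logsource` has no explanation, and `EventID: 7045` alone does not tell a reader which provider or channel is meant. A short comment beside the key would make the scoping explicit, e.g. `# 7045 = Service Control Manager "a service was installed", written to the System log`. Service installation can also be recorded as Security event 4697 when that audit subcategory is enabled. Whether another rule covers that source is not visible here, so it is worth checking that this rule's System-only scope leaves no gap. The `detection` block continues past the end of the hunk, so the rest of the selection could not be reviewed.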