security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: other locations

Browse Source 
https://twitter.com/ber_m1ng/status/1397948048135778309
This commit is contained in:
Florian Roth
2021-05-27 18:12:20 +02:00
parent a4e6f58b16
commit 431f34b985
2 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/process_creation/win_susp_procs_req_dlls.yml
+1 -1
View File
@@ -22,7 +22,7 @@ detection:
- '\regsvr32.exe'
filter1:
ParentImage|contains:
- '\AppData\Local\Temp\'
- '\AppData\Local\'
- '\Microsoft\Edge\'
condition: selection and not filter1
fields:
rules/windows/process_creation/win_susp_rundll32_no_params.yml
+1 -1
View File
@@ -16,7 +16,7 @@ detection:
ParentImage|endswith: '\svchost.exe'
filter2:
ParentImage|contains:
- '\AppData\Local\Temp\'
- '\AppData\Local\'
- '\Microsoft\Edge\'
condition: selection and not filter1 and not filter2
fields: