security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

update for Image instead of CommandLine

Browse Source
This commit is contained in:
AaronHerman
2022-10-01 19:13:31 -05:00
parent 0710acf9e7
commit 47cd3d4e7b
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/process_creation/proc_creation_win_susp_lolbin_non_c_drive.yml
+1 -1
View File
@@ -15,7 +15,7 @@ logsource:
product: windows
detection:
selection_lolbin:
CommandLine|contains:
Image|endswith:
- '\wscript.exe'
- '\cscript.exe'
selection_exetensions: