security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: fp with iissetup

Browse Source
This commit is contained in:
Nasreddine Bencherchali
2023-01-22 23:41:56 +01:00
parent f2cf68cf14
commit 47fa1dff54
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/process_creation/proc_creation_win_iis_appcmd_susp_module_install.yml
+2
View File
@@ -25,6 +25,8 @@ detection:
CommandLine|contains:
- '/name:'
- '-name:'
filter_iis_setup:
ParentImage: 'C:\Windows\System32\inetsrv\iissetup.exe'
condition: all of selection_*
falsepositives:
- Unknown as it may vary from organisation to organisation how admins use to install IIS modules