security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update win_susp_sdelete.yml

Browse Source
This commit is contained in:
Jonhnathan
2020-10-15 15:53:51 -03:00
committed by GitHub
parent 600c7057b1
commit 496cfcb26a
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/builtin/win_susp_sdelete.yml
+3 -3
View File
@@ -28,9 +28,9 @@ detection:
- 4656
- 4663
- 4658
ObjectName:
- '*.AAA'
- '*.ZZZ'
ObjectName|endswith:
- '.AAA'
- '.ZZZ'
condition: selection
falsepositives:
- Legitime usage of SDelete