security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

double quotes = escape

Browse Source
This commit is contained in:
juju4
2017-10-29 14:42:40 -04:00
parent 07185247cb
commit 4b64fc1704
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/builtin/win_susp_run_locations.yml
+1 -1
View File
@@ -15,7 +15,7 @@ detection:
- "*:\\RECYCLER\\*"
- "*:\\SystemVolumeInformation\\*"
- "%windir%\\Tasks\\*"
- "%systemroot%\debug\\*"
- "%systemroot%\\debug\\*"
condition: selection
falsepositives:
- False positives depend on scripts and administrative tools used in the monitored environment