Update sysmon_abusing_debug_privilege.yml

French language settings
2021-08-26 12:46:15 +00:00
parent a31422db74
commit 4f49f03460
1 changed files with 3 additions and 1 deletions
@@ -28,7 +28,9 @@ detection:
            - '\powershell.exe'
            - '\cmd.exe'
    selection3:
-            User: 'NT AUTHORITY\SYSTEM'
+            User|startswith: 
+                - 'NT AUTHORITY\SYSTEM'
+                - 'AUTORITE NT\Sys' # French language settings
    filter:
           CommandLine|contains|all:
           - ' route '