security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update sysmon_win_binary_github_com.yml

Browse Source
This commit is contained in:
Jonhnathan
2020-10-15 16:26:28 -03:00
committed by GitHub
parent 554adb8562
commit 5dc02f3a87
1 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/network_connection/sysmon_win_binary_github_com.yml
+4 -4
View File
@@ -21,10 +21,10 @@ logsource:
detection:
selection:
Initiated: 'true'
DestinationHostname:
- '*.github.com'
- '*.githubusercontent.com'
Image: 'C:\Windows\\*'
DestinationHostname|endswith:
- '.github.com'
- '.githubusercontent.com'
Image|startswith: 'C:\Windows\\'
condition: selection
falsepositives:
- 'Unknown'