security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Adjusting condition

Browse Source
This commit is contained in:
Tim Shelton
2022-05-26 18:38:12 +00:00
parent 72e090b8c1
commit 5e2e776bce
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/process_creation/proc_creation_win_susp_execution_path.yml
+1 -1
View File
@@ -39,7 +39,7 @@ detection:
- '\Windows\Tasks\'
- Image|startswith: 'C:\Perflogs\'
false_positive:
- Image|startswith: 'C:\Users\Public\IBM\ClientSolutions\Start_Programs\'
Image|startswith: 'C:\Users\Public\IBM\ClientSolutions\Start_Programs\'
condition: selection and not false_positive
fields:
- CommandLine