modifed win_susp_odbcconf.yml

2019-10-26 07:45:53 +02:00
parent aa9a22e662
commit 611c193826
1 changed files with 3 additions and 3 deletions
@@ -13,9 +13,9 @@ logsource:
    category: process_creation
    product: windows
 detection:
-  selection:
-    Image: '*\odbcconf.exe'
-    CommandLine: '* -f *.rsp'
+    selection:
+        Image: '*\odbcconf.exe'
+        CommandLine: '* -f *.rsp'
    condition: selection
 level: medium
 falsepositives: