Update proxy_susp_flash_download_loc.yml

2020-10-15 23:24:54 -03:00
parent 990ae166d1
commit 641c27fbe1
1 changed files with 5 additions and 5 deletions
@@ -10,11 +10,11 @@ logsource:
    category: proxy
 detection:
    selection:
-        c-uri-query:
-            - '*/install_flash_player.exe'
-            - '*/flash_install.php*'
+        c-uri-query|contains:
+            - '/install_flash_player.exe'
+            - '/flash_install.php'
    filter:
-        c-uri-stem: '*.adobe.com/*'
+        c-uri-stem|contains: '.adobe.com/'
    condition: selection and not filter
 falsepositives:
    - Unknown flash download locations
@@ -27,4 +27,4 @@ tags:
    - attack.t1204  # an old one
    - attack.defense_evasion
    - attack.t1036.005
-    - attack.t1036  # an old one
+    - attack.t1036  # an old one