Update win_netsh_fw_add.yml

2020-05-25 10:13:26 +02:00
parent 28652e4648
commit 6fcf3f9ebf
1 changed files with 3 additions and 3 deletions
@@ -15,13 +15,13 @@ logsource:
    category: process_creation
    product: windows
 detection:
-    selection:
+    selection1:
        CommandLine:
            - '*netsh*'
+    selection2:
        CommandLine:
            - '*firewall add*'
-            - '*advfirewall firewall add*'
-    condition: selection
+    condition: selection1 and selection2
 falsepositives:
    - Legitimate administration
 level: medium