From 7affc09c1900a29c9af39664c28f4cebf067e015 Mon Sep 17 00:00:00 2001
From: yugoslavskiy
Date: Thu, 7 Nov 2019 04:33:40 +0300
Subject: [PATCH] Update sysmon_mimikatz_detection_lsass.yml

---
 rules/windows/sysmon/sysmon_mimikatz_detection_lsass.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/rules/windows/sysmon/sysmon_mimikatz_detection_lsass.yml b/rules/windows/sysmon/sysmon_mimikatz_detection_lsass.yml
index 1a1ab3cb4..febcd7f9d 100644
--- a/rules/windows/sysmon/sysmon_mimikatz_detection_lsass.yml
+++ b/rules/windows/sysmon/sysmon_mimikatz_detection_lsass.yml
@@ -1,7 +1,7 @@
 title: Mimikatz Detection LSASS Access
 status: experimental
 description: Detects process access to LSASS which is typical for Mimikatz (0x1000 PROCESS_QUERY_ LIMITED_INFORMATION, 0x0400 PROCESS_QUERY_ INFORMATION "only old versions", 0x0010 PROCESS_VM_READ)
-author: Florian Roth, Roberto Rodriguez, Dimitrios Slamaris, Mark Russinovich, Thomas Patzke, Teymur Kheirkhabarov, Sherif Eldeeb, James Dickenson, oscd.community (update)
+author: Florian Roth, Roberto Rodriguez, Dimitrios Slamaris, Mark Russinovich, Thomas Patzke, Teymur Kheirkhabarov, Sherif Eldeeb, James Dickenson, Aleksey Potapov, oscd.community (update)
 date: 2017/02/16
 modified: 2019/11/01
 references:
@@ -43,4 +43,4 @@ detection:
     condition: selection and not filter
 falsepositives:
     - Legitimate software accessing LSASS process for legitimate reason; update the whitelist with it
-level: high
\ No newline at end of file
+level: high