From 8703d9f3529ecfe2babe06770fcd239b0e5c2c3e Mon Sep 17 00:00:00 2001
From: Steven
Date: Thu, 15 Apr 2021 03:07:18 +0200
Subject: [PATCH] Remove another reference to hardcoded event ID
---
 rules/windows/process_creation/win_apt_unidentified_nov_18.yml | 1 -
 1 file changed, 1 deletion(-)
diff --git a/rules/windows/process_creation/win_apt_unidentified_nov_18.yml b/rules/windows/process_creation/win_apt_unidentified_nov_18.yml
index bf68521d0..20e60b324 100644
--- a/rules/windows/process_creation/win_apt_unidentified_nov_18.yml
+++ b/rules/windows/process_creation/win_apt_unidentified_nov_18.yml
@@ -31,6 +31,5 @@ logsource:
 category: file_event
 detection:
 selection2:
- EventID: 11
 TargetFilename|contains:
 - 'ds7002.lnk'