security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update proc_creation_win_powershell_amsi_bypass.yml

Browse Source
This commit is contained in:
Nasreddine Bencherchali
2022-09-02 12:02:18 +02:00
parent 37f08c4cbb
commit 884891746b
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/process_creation/proc_creation_win_powershell_amsi_bypass.yml
+1 -1
View File
@@ -12,7 +12,7 @@ logsource:
category: process_creation
product: windows
detection:
selection1:
selection:
CommandLine|contains:
- 'System.Management.Automation.AmsiUtils'
- 'amsiInitFailed'