security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #323 from Karneades/filterFix

Browse Source 
Restrict filter in system exe anomaly rule
This commit is contained in:
Florian Roth
2019-04-19 09:17:16 +02:00
committed by GitHub
parent f78413deab d75ea35295
commit 8a5ae01f0e
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/process_creation/win_system_exe_anomaly.yml
+2 -2
View File
@@ -26,8 +26,8 @@ detection:
- '*\conhost.exe'
filter:
Image:
- '*\System32\\*'
- '*\SysWow64\\*'
- 'C:\Windows\System32\\*'
- 'C:\Windows\SysWow64\\*'
condition: selection and not filter
falsepositives:
- Exotic software