security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Update win_susp_ping_hex_ip.yml

Browse Source
This commit is contained in:
Jonhnathan
2020-10-15 19:34:00 -03:00
committed by GitHub
parent 6bb9f1b3c9
commit 90d20094ac
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/process_creation/win_susp_ping_hex_ip.yml
+3 -3
View File
@@ -15,9 +15,9 @@ logsource:
product: windows
detection:
selection:
CommandLine:
- '*\ping.exe 0x*'
- '*\ping 0x*'
CommandLine|contains:
- '\ping.exe 0x'
- '\ping 0x'
condition: selection
fields:
- ParentCommandLine