security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Completed requested changes

Browse Source 
selection2:
    Image|endswith:
This commit is contained in:
Cyb3rEng
2021-09-09 21:04:09 -06:00
committed by GitHub
parent ff08de6d20
commit 918bcfbf8a
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/process_creation/Monitor_WMI_Win32_Process Create_command_execution_by_Office_Applications.yml
+1 -1
View File
@@ -22,7 +22,7 @@ detection:
EventType: WMIExecution
WMIcommand|contains: 'Win32_Process\:\:Create'
selection2:
- Image|endswith:
Image|endswith:
- '\winword.exe'
- '\excel.exe'
- '\powerpnt.exe'