Update sysmon_lsass_memdump.yml

2020-10-15 17:17:57 -03:00
parent af5c88e5d5
commit 93faca413e
1 changed files with 3 additions and 3 deletions
@@ -19,9 +19,9 @@ detection:
    selection:
        TargetImage: 'C:\windows\system32\lsass.exe'
        GrantedAccess: '0x1fffff'
-        CallTrace:
-         - '*dbghelp.dll*'
-         - '*dbgcore.dll*'
+        CallTrace|contains:
+         - 'dbghelp.dll'
+         - 'dbgcore.dll'
    condition: selection
 falsepositives:
    - unknown