Added field names to first rules

2017-09-12 23:54:04 +02:00
parent 5c465129bd
commit 986c9ff9b7
45 changed files with 156 additions and 0 deletions
@@ -12,6 +12,9 @@ detection:
        - CommandLine: '*address=127.0.0.1*'
        - CommandLine: '*address=localhost*'
    condition: selection and not exclusion
+fields:
+    - CommandLine
+    - ParentCommandLine
 falsepositives:
    - unknown
 level: medium