security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add tagg Endswith

Browse Source 
Prevent the trigger of {}.exe.log
This commit is contained in:
Sander Wiebing
2020-05-29 16:25:54 +02:00
committed by GitHub
parent 38afd8b5de
commit a00f7f19a1
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/sysmon/sysmon_creation_system_file.yml
+1 -1
View File
@@ -15,7 +15,7 @@ logsource:
detection:
selection:
EventID: 11
TargetFilename:
TargetFilename|endswith:
- '*\svchost.exe'
- '*\rundll32.exe'
- '*\services.exe'