Update proc_creation_win_user_discovery_get_aduser.yml

2022-09-10 09:49:14 +02:00
parent a616647b08
commit a053be791c
1 changed files with 1 additions and 1 deletions
@@ -24,7 +24,7 @@ detection:
    condition: all of selection_*
 falsepositives:
    - Legitimate admin scripts may use the same technique, it's better to exclude specific computers or users who execute these commands or scripts often
-level: high
+level: medium
 tags:
    - attack.discovery
    - attack.t1033