Merge pull request #747 from zaphodef/fix/win_susp_backup_delete_source

Fix 'source' value for win_susp_backup_delete
2020-05-25 10:48:36 +02:00
parent 0afe0623af d510e1aad4
commit a962bd1bc1
1 changed files with 1 additions and 1 deletions
@@ -16,7 +16,7 @@ logsource:
 detection:
    selection:
        EventID: 524
-        Source: Backup
+        Source: Microsoft-Windows-Backup
    condition: selection
 falsepositives:
    - Unknown