Update win_susp_multiple_files_renamed_or_deleted.yml
This commit is contained in:
Vasiliy Burov
@@ -22,6 +22,6 @@ detection:
|
||||
timeframe: 30s
|
||||
condition: selection | count() by SubjectLogonId > 10
|
||||
falsepositives:
|
||||
- software uninstallation
|
||||
- files restore activities
|
||||
- Software uninstallation
|
||||
- Files restore activities
|
||||
level: high
|
||||
|
||||
Reference in New Issue
Block a user