security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update proc_creation_win_susp_runonce_execution.yml

Browse Source
This commit is contained in:
securepeacock
2022-12-13 10:27:21 -05:00
committed by GitHub
parent ad55efd25f
commit af3857b42f
1 changed files with 1 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/process_creation/proc_creation_win_susp_runonce_execution.yml
+1 -2
View File
@@ -24,8 +24,7 @@ detection:
- '/AlternateShellStartup'
- '/r'
filter:
CommandLine|contains:
- '/Run6432'
CommandLine|contains: '/Run6432'
condition: all of selection* and not filter
falsepositives:
- Unknown