security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add default path to filter for explorer in exe anomaly rule

Browse Source
This commit is contained in:
Karneades
2019-04-21 17:40:52 +02:00
parent 38d548868d
commit b47900fbee
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/process_creation/win_system_exe_anomaly.yml
+1
View File
@@ -33,6 +33,7 @@ detection:
Image:
- 'C:\Windows\System32\\*'
- 'C:\Windows\SysWow64\\*'
- 'C:\Windows\explorer.exe'
condition: selection and not filter
falsepositives:
- Exotic software