security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fixed single quote balance

Browse Source
This commit is contained in:
Thomas Patzke
2017-01-10 22:32:55 +01:00
committed by Florian Roth
parent 6125875d2d
commit c2f3ee25a8
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
windows/builtin/susp_eventlog_cleared.yml
+2 -2
View File
@@ -1,5 +1,5 @@
description: Eventlog Cleared
comment: Some threat groups tend to delete the local 'Security'' Eventlog using certain utitlities
comment: Some threat groups tend to delete the local 'Security' Eventlog using certain utitlities
detection:
selection:
- EventLog: Security
@@ -10,4 +10,4 @@ detection:
falsepositives:
- Rollout of log collection agents (the setup routine often includes a reset of the local Eventlog)
- System provisioning (system reset before the golden image creation)
level: 70
level: 70