security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update sysmon_always_install_elevated_msi_spawned_cmd_and_powershell.yml

Browse Source
This commit is contained in:
tas_kmanager
2020-10-16 09:30:20 -04:00
parent 23358b8db5
commit c4ddd56931
1 changed files with 1 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/process_creation/sysmon_always_install_elevated_msi_spawned_cmd_and_powershell.yml
+1 -2
View File
@@ -23,9 +23,8 @@ detection:
- 'msi'
ParentImage|endswith:
- 'tmp'
condition: event_id and image and parent_image
condition: image and parent_image
fields:
- EventID
- Image
- ParentImage
falsepositives: