Update win_service_execution.yml

2019-11-05 04:42:53 +03:00
parent 534f5fc0e1
commit cc7aebe9b6
1 changed files with 1 additions and 1 deletions
@@ -17,7 +17,7 @@ detection:
            - '*\net.exe'
            - '*\net1.exe'
        CommandLine|re: '.*start.*[a-zA-Z0-9]' # search for a service name after 'net start', avoiding intersection with "service discovery" technique detection rules
-    condition:  selection
+    condition: selection
 falsepositives:
    - Legitimate administrator or user executes a service for legitimate reason
 level: low