Merge pull request #725 from WilliamBruneau/fix_null_list
Move null values out from list in rules
This commit is contained in:
Florian Roth
@@ -17,11 +17,11 @@ logsource:
|
||||
detection:
|
||||
selection:
|
||||
EventID: 15
|
||||
filter:
|
||||
Imphash:
|
||||
- '00000000000000000000000000000000'
|
||||
- null
|
||||
condition: selection and not filter
|
||||
filter1:
|
||||
Imphash: '00000000000000000000000000000000'
|
||||
filter2:
|
||||
Imphash: null
|
||||
condition: selection and not 1 of filter*
|
||||
fields:
|
||||
- TargetFilename
|
||||
- Image
|
||||
|
||||
Reference in New Issue
Block a user