Update create_stream_hash_susp_ip_domains.yml

2022-09-07 12:17:18 +02:00
parent dc90e08f3e
commit df257caa4c
1 changed files with 2 additions and 3 deletions
@@ -1,5 +1,5 @@
-title: Unusual File Download from File Sharing Domain
-id: ae02ed70-11aa-4a22-b397-c0d0e8f6ea99
+title: Unusual File Download from Direct IP Address
+id: 025bd229-fd1f-4fdb-97ab-20006e1a5368
 status: experimental
 description: Detects the download of suspicious file type from URLs with IP
 author: Nasreddine Bencherchali
@@ -29,7 +29,6 @@ detection:
            - '.vbe:Zone'
            - '.vbs:Zone'
            - '.dll:Zone'
-            - ':Zone' # No extension
    condition: all of selection*
 falsepositives:
    - Unknown