From 356f6d45282a13ce6e749bde64bad49b21567515 Mon Sep 17 00:00:00 2001
From: frack113
Date: Tue, 11 Oct 2022 11:07:37 +0200
Subject: [PATCH] Add definition

---
 rules/windows/file_rename/file_rename_win_not_dll_to_dll.yml | 1 +
 rules/windows/file_rename/file_rename_win_ransomware.yml | 1 +
 2 files changed, 2 insertions(+)

diff --git a/rules/windows/file_rename/file_rename_win_not_dll_to_dll.yml b/rules/windows/file_rename/file_rename_win_not_dll_to_dll.yml
index a6d1fa6d9..b0c358221 100644
--- a/rules/windows/file_rename/file_rename_win_not_dll_to_dll.yml
+++ b/rules/windows/file_rename/file_rename_win_not_dll_to_dll.yml
@@ -11,6 +11,7 @@ modified: 2022/10/07
 logsource:
 product: windows
 category: file_rename
+ definition: Use the WinEventLog:Microsoft-Windows-Kernel-File/KERNEL_FILE_KEYWORD_RENAME_SETLINK_PATH ETW source
 detection:
 to_dll:
 TargetFilename|endswith: '.dll'
diff --git a/rules/windows/file_rename/file_rename_win_ransomware.yml b/rules/windows/file_rename/file_rename_win_ransomware.yml
index 3926f3b6e..1d395bda8 100644
--- a/rules/windows/file_rename/file_rename_win_ransomware.yml
+++ b/rules/windows/file_rename/file_rename_win_ransomware.yml
@@ -14,6 +14,7 @@ tags:
 logsource:
 product: windows
 category: file_rename
+ definition: Use the WinEventLog:Microsoft-Windows-Kernel-File/KERNEL_FILE_KEYWORD_RENAME_SETLINK_PATH ETW source
 detection:
 selection:
 OriginalFilename|endswith:
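Review bot: The added `definition` line describes the log source only in Splunk-style `WinEventLog:` sourcetype notation, which does not tell a user running another collector what actually has to be enabled; as far as I can tell the Microsoft-Windows-Kernel-File provider is an ETW source that needs a trace session or agent subscription rather than a channel a default Windows event-forwarding setup already ships, so the rule will silently match nothing on most deployments unless that is called out. Consider wording it platform-neutrally, e.g. `definition: Requires an ETW consumer subscribed to the Microsoft-Windows-Kernel-File provider with keyword KERNEL_FILE_KEYWORD_RENAME_SETLINK_PATH (in Splunk exposed as WinEventLog:Microsoft-Windows-Kernel-File); not collected by default`. The identical string is added in rules/windows/file_rename/file_rename_win_ransomware.yml in the second hunk; keep both copies in sync or document the `file_rename` category once in the shared logsource documentation.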