security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

prevent EventID collision for dhcp

Browse Source 
This prevents EventID collision for this rule with other sources/logs that share the same EventIDs.
specifically a lot with Microsoft-Windows-Security-SPP
This commit is contained in:
Nate Guagenti
2019-07-16 15:30:52 -04:00
committed by GitHub
parent b20b42b9c9
commit e2050404bc
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/builtin/win_susp_dhcp_config_failed.yml
+1
View File
@@ -19,6 +19,7 @@ detection:
- 1031
- 1032
- 1034
Source: Microsoft-Windows-DHCP-Server
condition: selection
falsepositives:
- Unknown