From e2050404bccef4653da81f6b6dbcdbe91f2e0a02 Mon Sep 17 00:00:00 2001
From: Nate Guagenti
Date: Tue, 16 Jul 2019 15:30:52 -0400
Subject: [PATCH] prevent EventID collision for dhcp This prevents EventID collision for this rule with other sources/logs that share the same EventIDs. specifically a lot with Microsoft-Windows-Security-SPP
---
rules/windows/builtin/win_susp_dhcp_config_failed.yml | 1 +
1 file changed, 1 insertion(+)
diff --git a/rules/windows/builtin/win_susp_dhcp_config_failed.yml b/rules/windows/builtin/win_susp_dhcp_config_failed.yml
index 4e08f1f9a..527857d15 100644
--- a/rules/windows/builtin/win_susp_dhcp_config_failed.yml
+++ b/rules/windows/builtin/win_susp_dhcp_config_failed.yml
@@ -19,6 +19,7 @@ detection:
 - 1031
 - 1032
 - 1034
+ Source: Microsoft-Windows-DHCP-Server
 condition: selection
 falsepositives:
 - Unknown
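Review bot: The added `Source: Microsoft-Windows-DHCP-Server` condition only narrows the rule correctly if each backend maps `Source` to the event's provider name. Where no such mapping exists, the selection would presumably match nothing, so the rule would fail silently instead of producing the noisy collisions it has today. It is worth confirming the field name against the field-mapping configurations used for this log source before relying on it. The reason for the filter is only in the commit message, so I would also record it in the rule, e.g. `# provider filter: EventIDs 1031/1032/1034 are also emitted by other providers such as Microsoft-Windows-Security-SPP`. The selection block starts above the hunk, so the logsource and the earlier EventIDs are not visible here.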