From e4edf7bc1b726c2348a4f78298eb3056ccd7bb63 Mon Sep 17 00:00:00 2001
From: k-vdv <->
Date: Fri, 22 Jan 2021 09:10:02 +0100
Subject: [PATCH] fix service from system to security for rule win_pcap_drivers.yml
---
 rules/windows/other/win_pcap_drivers.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rules/windows/other/win_pcap_drivers.yml b/rules/windows/other/win_pcap_drivers.yml
index c24d04104..9a34a1575 100644
--- a/rules/windows/other/win_pcap_drivers.yml
+++ b/rules/windows/other/win_pcap_drivers.yml
@@ -12,7 +12,7 @@ tags:
 - attack.t1040
 logsource:
 product: windows
- service: system
+ service: security
 detection:
 selection:
 EventID: 4697
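Review bot: The `logsource` block now points at the Security log but does not state the audit prerequisite for `EventID: 4697`. To my knowledge that event is only written when the "Audit Security System Extension" subcategory is enabled, so on hosts without it the rule silently never fires. I would document this in the rule by adding a line under `logsource`, for example `definition: 'Requirements: Audit Policy > System > Audit Security System Extension must be enabled'`. Hosts that lack the policy still record service installs in the System log under a different event ID, so a companion rule for that source may be worth considering. The `detection` block continues past the end of the hunk, so the remaining selection fields could not be checked against the Security-log field names.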