security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update condition to filter out printer port

Browse Source
This commit is contained in:
Tran Trung Hieu
2020-05-14 18:22:49 +07:00
parent 443bf09d27
commit e53a97fa2f
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/sysmon/sysmon_notepad_network_connection.yml
+2 -2
View File
@@ -18,8 +18,8 @@ detection:
EventID: 3
Image: '*\notepad.exe'
filter:
DestinationPort: 9100
condition: selection
DestinationPort: '9100'
condition: selection and not filter
falsepositives:
- None observed so far
level: high