From e53a97fa2fa8bcfdf414ba973728e78d2be6bc85 Mon Sep 17 00:00:00 2001
From: Tran Trung Hieu
Date: Thu, 14 May 2020 18:22:49 +0700
Subject: [PATCH] Update condition to filter out printer port
---
 rules/windows/sysmon/sysmon_notepad_network_connection.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/rules/windows/sysmon/sysmon_notepad_network_connection.yml b/rules/windows/sysmon/sysmon_notepad_network_connection.yml
index beb6627cd..039d397ee 100644
--- a/rules/windows/sysmon/sysmon_notepad_network_connection.yml
+++ b/rules/windows/sysmon/sysmon_notepad_network_connection.yml
@@ -18,8 +18,8 @@ detection:
 EventID: 3
 Image: '*\notepad.exe'
 filter:
- DestinationPort: 9100
- condition: selection
+ DestinationPort: '9100'
+ condition: selection and not filter
 falsepositives:
 - None observed so far
 level: high
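Review bot: The `filter` block matches on `DestinationPort: '9100'` alone, so with `condition: selection and not filter` the rule stops alerting on every notepad.exe connection to that port, not only on printing. Consider narrowing the exclusion with a second field in the same mapping, for example `DestinationIp: '<printer subnet, placeholder>'`, so that only connections to known printers are suppressed. The `falsepositives` entry still reads `None observed so far`, although the commit exists because of printer traffic; an entry such as `- Printing to network printers on ports other than 9100` and a comment above `filter:` like `# 9100 = raw printing port, excluded as benign` would document the exclusion. The start of the `detection` block and the rule's metadata lie outside the hunk, so any further restriction in `selection` cannot be checked from here.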