security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: too many false positives with in-memory detection rule

Browse Source
This commit is contained in:
Florian Roth
2021-11-20 15:07:20 +01:00
parent 15a4938294
commit e73816bb22
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/process_access/sysmon_in_memory_assembly_execution.yml
+1 -1
View File
@@ -54,6 +54,6 @@ fields:
- SourceImage
- TargetImage
- CallTrace
level: high
level: medium # too many false positives
falsepositives:
- SysInternals Process Explorer