Merge pull request #2764 from SigmaHQ/rule-devel

refactor: PowerShell Defender modifications
2022-03-03 23:29:08 +01:00
parent ea2b6d8a08 b3b5b2cbdd
commit eb06a6fdd1
3 changed files with 54 additions and 6 deletions
@@ -24,10 +24,11 @@ detection:
            - DisableBehaviorMonitoring
            - DisableScriptScanning
            - DisableBlockAtFirstSeen
+            - DisableIOAVProtection
    condition: selection
 falsepositives:
    - Legitimate PowerShell scripts
-level: medium
+level: high
 tags:
    - attack.defense_evasion
    - attack.t1562.001