security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Remove too loose filter in mshta rule

Browse Source
This commit is contained in:
Karneades
2019-04-04 22:16:24 +02:00
committed by GitHub
parent 81693d81b6
commit eb690d8902
1 changed files with 0 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/process_creation/win_mshta_spawn_shell.yml
-4
View File
@@ -20,10 +20,6 @@ detection:
- '*\reg.exe'
- '*\regsvr32.exe'
- '*\BITSADMIN*'
filter:
CommandLine:
- '*/HP/HP*'
- '*\HP\HP*'
condition: selection and not filter
fields:
- CommandLine