security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity

Merge pull request #4256 from phantinuss/master

Browse Source 
fix: FP in prod env
This commit is contained in:
Nasreddine Bencherchali
2023-05-22 11:59:10 +02:00
committed by GitHub
parent 737f18e19a d7f3bf9736
commit ef7957075f
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/process_creation/proc_creation_win_googleupdate_susp_child_process.yml
+3
View File
@@ -8,6 +8,7 @@ references:
- https://www.ncsc.gov.uk/static-assets/documents/malware-analysis-reports/goofy-guineapig/NCSC-MAR-Goofy-Guineapig.pdf
author: Nasreddine Bencherchali (Nextron Systems)
date: 2023/05/15
modified: 2023/05/22
tags:
- attack.defense_evasion
logsource:
@@ -23,6 +24,8 @@ detection:
- '\setup.exe'
- 'chrome_updater.exe'
- 'chrome_installer.exe'
filter_main_image_null:
Image: null
condition: selection and not 1 of filter_main_*
falsepositives:
- Unknown