Update another command line of Get-WmiObject (gwmi)

2022-03-03 11:04:26 +07:00
parent 071bcc2923
commit f57bb708bb
1 changed files with 3 additions and 1 deletions
@@ -17,7 +17,9 @@ logsource:
    definition: EnableScriptBlockLogging must be set to enable
 detection:
    selection_action:
-        ScriptBlockText|contains: Get-WmiObject
+        ScriptBlockText|contains: 
+            - Get-WmiObject
+            - gwmi
    selection_module:
        ScriptBlockText|contains: 
            - MSAcpi_ThermalZoneTemperature