Fixed rule

2018-11-29 00:00:18 +01:00
parent 1118b80288
commit f6ad36f530
1 changed files with 1 additions and 1 deletions
@@ -47,7 +47,7 @@ detection:
            - wbadmin.exe
            - icacls.exe
            - diskpart.exe
-    timeframe: 5min
+    timeframe: 5m
    condition: selection | count() by MachineName > 5
 falsepositives:
    - False positives depend on scripts and administrative tools used in the monitored environment