Update win_exploit_cve_2019_1388.yml

2020-10-15 17:52:40 -03:00
parent d7b63b8245
commit febe489c99
1 changed files with 3 additions and 3 deletions
@@ -15,9 +15,9 @@ logsource:
    product: windows
 detection:
    selection:
-        ParentImage: '*\consent.exe'
-        Image: '*\iexplore.exe'
-        CommandLine: '* http*'
+        ParentImage|endswith: '\consent.exe'
+        Image|endswith: '\iexplore.exe'
+        CommandLine|contains: ' http'
    rights1:
        IntegrityLevel: 'System'  # for Sysmon users
    rights2: