security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add file.extension to SxS .local rule

Browse Source
This commit is contained in:
Ross Wolf
2020-11-30 15:26:28 -07:00
committed by GitHub
parent 2465a70dac
commit 710f4bda10
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/execution_shared_modules_local_sxs_dll.toml
+1 -1
View File
@@ -24,7 +24,7 @@ tags = ["Elastic", "Host", "Windows", "Threat Detection", "Execution"]
type = "eql"
query = '''
file where file.path : "C:\\*\\*.exe.local\\*.dll"
file where file.extension : "dll" and file.path : "C:\\*\\*.exe.local\\*.dll"
'''