security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[Rule Tuning] Unusual File Modification by dns.exe (#472)

Browse Source
This commit is contained in:
Justin Ibarra
2020-11-30 18:22:27 +01:00
committed by GitHub
parent 310f480027
commit d0ba03230a
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/execution_unusual_dns_service_file_writes.toml
+2 -1
View File
@@ -29,7 +29,8 @@ tags = ["Elastic", "Host", "Windows", "Threat Detection", "Execution"]
type = "query"
query = '''
event.category:file and process.name:dns.exe and
event.category:file and process.name:dns.exe and
event.type:(creation or deletion or change) and
not file.name:dns.log
'''