[WMI Incoming Lateral Movement] Modify Existing Query Exception (#2843)

* Tune WMI Incoming Lateral Movement * Tune WMI Incoming Lateral Movement * Bump updated_date --------- Co-authored-by: Isai <59296946+imays11@users.noreply.github.com>
2023-07-03 15:12:05 -06:00
parent f78de8c9d4
commit df0a1facd1
1 changed files with 3 additions and 2 deletions
@@ -4,7 +4,7 @@ integration = ["endpoint", "windows"]
 maturity = "production"
 min_stack_comments = "New fields added: required_fields, related_integrations, setup"
 min_stack_version = "8.3.0"
-updated_date = "2023/06/22"
+updated_date = "2023/06/30"

 [rule]
 author = ["Elastic"]
@@ -37,7 +37,8 @@ sequence by host.id with maxspan = 2s
  [process where host.os.type == "windows" and event.type == "start" and process.parent.name : "WmiPrvSE.exe" and
   not process.args : ("C:\\windows\\temp\\nessus_*.txt",
                       "*C:\\windows\\TEMP\\nessus_*.TMP*",
-                       "C:\\Windows\\CCM\\SystemTemp\\*",
+                       "*C:\\Windows\\CCM\\SystemTemp\\*",
+                       "C:\\Windows\\CCM\\ccmrepair.exe",
                       "C:\\Windows\\CCMCache\\*",
                       "C:\\CCM\\Cache\\*")
   ]