valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-07 01:45:21 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

rule logic fix

Browse Source
This commit is contained in:
Mikhail Larin 2020-10-21 18:32:02 +03:00
parent e0e81b5c25
commit 13d84ac27b
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
rules/linux/macos_find_cred_in_files.yml
View File

@ -13,8 +13,9 @@ logsource:
category: process_creation
detection:
selection1:
CommandLine|contains|all:
- 'grep'
ProcessName|endswith:
- '/grep'
CommandLine|contains:
- 'password'
selection2:
CommandLine|contains: 'laZagne'