Update win_susp_net_execution.yml

2024-11-07 17:58:52 +00:00 · 2019-11-11 02:57:59 +03:00 · 2019-11-11 02:57:59 +03:00 · 24ea49a2a1
commit 24ea49a2a1
parent ca819d8707
1 changed files with 1 additions and 5 deletions
--- a/rules/windows/process_creation/win_susp_net_execution.yml
+++ b/rules/windows/process_creation/win_susp_net_execution.yml
@ -24,10 +24,6 @@ detection:
        Image:
            - '*\net.exe'
            - '*\net1.exe'
-    filename:
-        OriginalFileName:
-            - 'net.exe'
-            - 'net1.exe'
    cmdline:
        CommandLine:
            - '* group*'
@ -38,7 +34,7 @@ detection:
            - '* accounts*'
            - '* use*'
            - '* stop *'
-    condition: selection or filename and cmdline
+    condition: selection and cmdline
 fields:
    - CommandLine
    - ParentCommandLine