Lowered severity of rule - prone to false positives

2024-11-07 09:48:58 +00:00 · 2018-02-22 16:59:11 +01:00 · 2018-02-22 16:59:11 +01:00 · 25dc3e78be
commit 25dc3e78be
parent 9020a9aa32
1 changed files with 2 additions and 2 deletions
--- a/rules/windows/sysmon/sysmon_exploit_cve_2017_0261.yml
+++ b/rules/windows/sysmon/sysmon_exploit_cve_2017_0261.yml
@ -15,5 +15,5 @@ detection:
        Image: '*\FLTLDR.exe*'
    condition: selection
 falsepositives:
-    - Unknown
-level: critical
+    - Several false positives identified, check for suspicious file names or locations (e.g. Temp folders)
+level: medium