Fix logsource to get accurate detection

2024-11-06 17:35:19 +00:00 · 2021-05-30 08:22:38 +02:00 · 2021-05-30 08:22:38 +02:00 · 33a5137bc7
commit 33a5137bc7
parent 503df46968
1 changed files with 3 additions and 2 deletions
--- a/rules/windows/other/win_defender_history_delete.yml
+++ b/rules/windows/other/win_defender_history_delete.yml
@ -6,12 +6,13 @@ author: Cian Heasley
 references:
    - https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus
 date: 2020/08/13
+modified: 2021/05/30
 tags:
    - attack.defense_evasion
    - attack.t1070.001
 logsource:
-    category: windows
-    product: windef
+    product: windows
+    service: windefend
 detection:
    selection:
        EventID: 1013