From 60795f705032ca6b8fe2fb42a83a8d31caa0d2b4 Mon Sep 17 00:00:00 2001
From: Florian Roth
Date: Sat, 26 Sep 2020 17:02:39 +0200
Subject: [PATCH] Update win_susp_adfind.yml

Fear that a simple adfind.exe causes too many false positives

---
 rules/windows/process_creation/win_susp_adfind.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rules/windows/process_creation/win_susp_adfind.yml b/rules/windows/process_creation/win_susp_adfind.yml
index 01217458..94d4e82c 100644
--- a/rules/windows/process_creation/win_susp_adfind.yml
+++ b/rules/windows/process_creation/win_susp_adfind.yml
@@ -25,4 +25,4 @@ detection:
 condition: selection
 falsepositives:
 - Unknown
-level: high
+level: medium
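Review bot: The `falsepositives` entry two context lines above the changed line still reads `- Unknown`, while the commit message gives the concrete reason for lowering the level — benign adfind.exe executions being matched. Record that reason in the rule itself, e.g. replace `- Unknown` with `- Legitimate use of adfind.exe by administrators`, so the medium level is explained without consulting git history. The `selection` block that decides what counts as an adfind execution starts before this hunk and is not visible here; if the noise comes from bare adfind.exe launches, tightening that selection may be a better long-term fix than lowering the severity, but that cannot be judged from this hunk alone.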