Fix syntax error

2024-11-07 17:58:52 +00:00 · 2021-04-15 02:11:13 +02:00 · 2021-04-15 02:11:13 +02:00 · 70b106ef52
commit 70b106ef52
parent ecbd730dad
1 changed files with 0 additions and 22 deletions
--- a/rules/windows/process_creation/cmstp_execution.yml
+++ b/rules/windows/process_creation/cmstp_execution.yml
@ -21,28 +21,6 @@ fields:
 falsepositives:
    - Legitimate CMSTP use (unlikely in modern enterprise environments)
 level: high
---
-logsource:
-    product: windows
-    category: registry_event
-detection:
-    # Registry Object Add
-    selection2:
-        TargetObject: '*\cmmgr32.exe*'
-        EventType: 'CreateKey'
-    # Registry Object Value Set
-    selection3:
-        TargetObject: '*\cmmgr32.exe*'
---
-logsource:
-    product: windows
-    category: process_access
-detection:
-    selection4:
-        Calltrace: '*cmlua.dll*'
---
-=======
->>>>>>> ce0111aa6a210133e6ac4f3ffb558dd22003fc15:rules/windows/process_creation/cmstp_execution.yml
 logsource:
    category: process_creation
    product: windows