valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-06 17:35:19 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Specified source to prevent EventID collisions

Browse Source 
Issue #263
This commit is contained in:
Thomas Patzke 2019-04-01 23:45:55 +02:00
parent 0419ff215a
commit 8e854b06f6
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
rules/windows/builtin/win_susp_eventlog_cleared.yml
View File

@ -13,6 +13,7 @@ logsource:
detection:
selection:
EventID: 104
Source: Microsoft-Windows-Eventlog
condition: selection
falsepositives:
- Unknown