valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-06 17:35:19 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Completed requested changes

Browse Source 
selection2:
    Image|endswith:
This commit is contained in:
Cyb3rEng 2021-09-09 21:04:09 -06:00 committed by GitHub
parent ff08de6d20
commit 918bcfbf8a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
rules/windows/process_creation/Monitor_WMI_Win32_Process Create_command_execution_by_Office_Applications.yml
View File

@ -22,7 +22,7 @@ detection:
EventType: WMIExecution
WMIcommand|contains: 'Win32_Process\:\:Create'
selection2:
- Image|endswith:
Image|endswith:
- '\winword.exe'
- '\excel.exe'
- '\powerpnt.exe'