Merge branch 'patch-15' of https://github.com/vburov/sigma into patch-15

2024-11-08 02:08:54 +00:00 · 2020-10-28 11:27:48 +03:00 · 2020-10-28 11:27:48 +03:00 · 931ccde3e6
commit 931ccde3e6
parent eec398ea0e 2d2464ba22
1 changed files with 2 additions and 3 deletions
--- a/rules/windows/file_event/win_susp_multiple_files_renamed_or_deleted.yml
+++ b/rules/windows/file_event/win_susp_multiple_files_renamed_or_deleted.yml
@ -1,6 +1,6 @@
 title: Suspicious Multiple File Rename Or Delete Occurred
 id: 97919310-06a7-482c-9639-92b67ed63cf8
-author: Vasiliy Burov; oscd.community
+author: Vasiliy Burov, oscd.community
 date: 2020/10/16
 description: Detects multiple file rename or delete events occurrence within a specified period of time by a same user. These events may signalize about ransomware activity.
 status: experimental
@ -22,6 +22,5 @@ detection:
    timeframe: 30s
    condition: selection | count() by SubjectLogonId > 10
 falsepositives:
-    - software uninstallation
-    - files restore activities
+    - Unlikely
 level: high