Merge pull request #747 from zaphodef/fix/win_susp_backup_delete_source

Fix 'source' value for win_susp_backup_delete
2024-11-07 09:48:58 +00:00 · 2020-05-25 10:48:36 +02:00 · 2020-05-25 10:48:36 +02:00 · a962bd1bc1
commit a962bd1bc1
parent 0afe0623af d510e1aad4
1 changed files with 1 additions and 1 deletions
--- a/rules/windows/builtin/win_susp_backup_delete.yml
+++ b/rules/windows/builtin/win_susp_backup_delete.yml
@ -16,7 +16,7 @@ logsource:
 detection:
    selection:
        EventID: 524
-        Source: Backup
+        Source: Microsoft-Windows-Backup
    condition: selection
 falsepositives:
    - Unknown