valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-08 10:13:57 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Update win_susp_explorer.yml

Browse Source 
Added known-fp
This commit is contained in:
Furkan ÇALIŞKAN 2020-10-05 13:22:43 +03:00 committed by GitHub
parent 85962665fd
commit b147fc3296
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
rules/windows/process_creation/win_susp_explorer.yml
View File

@ -28,5 +28,5 @@ detection:
- explorer.exe - explorer.exe
condition: selection1 or selection2 condition: selection1 or selection2
falsepositives: falsepositives:
- Unknown - Legitimate explorer.exe run from cmd.exe
level: medium level: medium