valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-07 09:48:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Trying to fix rule

Browse Source
This commit is contained in:
Florian Roth 2018-06-28 16:39:13 +02:00
parent fa98595ad6
commit c26c3ee426
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
rules/windows/builtin/win_susp_samr_pwset.yml
View File

@ -13,5 +13,5 @@ detection:
passwordchanged_filter:
PasswordLastSet: null
timeframe: 15s
condition: samrpipe | near ( passwordchanged and not passwordchanged_filter )
condition: ( passwordchanged and not passwordchanged_filter ) | near samrpipe
level: medium