Removed within keyword in rule

2024-11-07 09:48:58 +00:00 · 2017-10-30 00:15:01 +01:00 · 2017-10-30 00:15:01 +01:00 · c865b0e9a8
commit c865b0e9a8
parent 0df60fe004
1 changed files with 1 additions and 2 deletions
--- a/rules/windows/builtin/win_multiple_suspicious_cli.yml
+++ b/rules/windows/builtin/win_multiple_suspicious_cli.yml
@ -51,9 +51,8 @@ detection:
            - wbadmin.exe
            - icacls.exe
            - diskpart.exe
-#    timeframe: 30min
    timeframe: 5min
-    condition: selection | count() > 5 within timeframe
+    condition: selection | count() > 5
 falsepositives: 
    - False positives depend on scripts and administrative tools used in the monitored environment
 level: medium