Update sysmon_dns_over_https_enabled.yml

2024-11-06 17:35:19 +00:00 · 2021-08-31 17:11:04 +02:00 · 2021-08-31 17:11:04 +02:00 · cff572b752
commit cff572b752
parent 9dc8d38565
1 changed files with 3 additions and 6 deletions
--- a/rules/windows/registry_event/sysmon_dns_over_https_enabled.yml
+++ b/rules/windows/registry_event/sysmon_dns_over_https_enabled.yml
@ -17,16 +17,13 @@ logsource:
  category: registry_event
 detection:
    selection1:
-        TargetObject:
-            - 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\BuiltInDnsClientEnabled'
+        TargetObject: 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\BuiltInDnsClientEnabled'
        Details: 'DWORD (1)'
    selection2:
-        TargetObject:
-            - 'HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\DnsOverHttpsMode'
+        TargetObject: 'HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\DnsOverHttpsMode'
        Details: 'DWORD (secure)'
    selection3:
-        TargetObject:
-            - 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Mozilla\Firefox\DNSOverHTTPS'
+        TargetObject: 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Mozilla\Firefox\DNSOverHTTPS'
        Details: 'DWORD (1)'
    condition: selection1 or selection2 or selection3
 falsepositives: