Update win_susp_wmi_login.yml

Jonhnathan 2020-10-15 15:54:21 -03:00 committed by GitHub
parent 496cfcb26a
commit d96bd0d9f3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -13,7 +13,7 @@ logsource:
detection:
selection:
EventID: 4624
ProcessName: "*\\WmiPrvSE.exe"
ProcessName|endswith: "\\WmiPrvSE.exe"
condition: selection
falsepositives:
- Monitoring tools
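Review bot: The `ProcessName|endswith` line (apparently the new side of this change) keeps the double-quoted form with an escaped backslash, where a single-quoted literal gives the parser the same value without the escape: `ProcessName|endswith: '\WmiPrvSE.exe'`. Separately, the selection matches every 4624 event whose process path ends in that name, and no logon-type or account condition is visible in the hunk. If management software in the environment drives WMI heavily, the single `falsepositives` entry probably understates the expected volume and may be worth expanding. The rule's metadata above line 13 lies outside the hunk, so whether a `modified` date accompanies this logic change cannot be confirmed from here.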