valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-07 09:48:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Removed redundant attribute from rule

Browse Source 
EventID 4657 already implies the modification.
This commit is contained in:
Thomas Patzke 2018-06-02 22:37:26 +02:00
parent e72c0d5de4
commit df6ad82770
1 changed files with 0 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
rules/windows/builtin/win_net_ntlm_downgrade.yml
View File

@ -32,7 +32,6 @@ logsource:
detection: detection:
selection2: selection2:
EventID: 4657 EventID: 4657
OperationType: 'Existing registry value modified'
ObjectName: '\REGISTRY\MACHINE\SYSTEM\*ControlSet*\Control\Lsa' ObjectName: '\REGISTRY\MACHINE\SYSTEM\*ControlSet*\Control\Lsa'
ObjectValueName: ObjectValueName:
- 'LmCompatibilityLevel' - 'LmCompatibilityLevel'