valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-08 02:08:54 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Remove too loose filter in mshta rule

Browse Source
This commit is contained in:
Karneades 2019-04-04 22:16:24 +02:00 committed by GitHub
parent 81693d81b6
commit eb690d8902
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 0 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
rules/windows/process_creation/win_mshta_spawn_shell.yml
View File

@ -20,10 +20,6 @@ detection:
- '*\reg.exe' - '*\reg.exe'
- '*\regsvr32.exe' - '*\regsvr32.exe'
- '*\BITSADMIN*' - '*\BITSADMIN*'
filter:
CommandLine:
- '*/HP/HP*'
- '*\HP\HP*'
condition: selection and not filter condition: selection and not filter
fields: fields:
- CommandLine - CommandLine