fix

2024-11-08 02:08:54 +00:00 · 2019-10-23 02:42:37 +03:00 · 2019-10-23 02:42:37 +03:00 · ebe4fe0377
commit ebe4fe0377
parent 29cd7fed3e
3 changed files with 7 additions and 7 deletions
--- a/rules/windows/process_creation/minidumpwritedump.yml
+++ b/rules/windows/process_creation/minidumpwritedump.yml
@ -13,8 +13,8 @@ logsource:
    product: windows
 detection:
    selection:
-        Image: '*\rundll32.exe'
-        CommandLine: '*comsvcs.dll*minidump*'
+        Image:'*\rundll32.exe'
+        CommandLine:'*comsvcs.dll*minidump*'
    condition: selection
 falsepositives:
    - unknown
--- a/rules/windows/sysmon/cobalt_execute_assembly.yml
+++ b/rules/windows/sysmon/cobalt_execute_assembly.yml
@ -15,9 +15,9 @@ detection:
    selection:
        EventID: 8
        TargetProcessAddress:
-         - '*0B80'
-         - '*0C7C'
-         - '*0C88'
+         -'*0B80'
+         -'*0C7C'
+         -'*0C88'
    condition: selection
 falsepositives:
    - unknown
--- a/rules/windows/sysmon/win_sysmon_driver_onload.yml
+++ b/rules/windows/sysmon/win_sysmon_driver_onload.yml
@ -15,8 +15,8 @@ logsource:
 detection:
  selection:
    EventID: 4688
-    ProcessName: '*\fltMC.exe'
-    CommandLine:  '*unload*Sys*'
+    ProcessName:'*\fltMC.exe'
+    CommandLine:'*unload*Sys*'
  selection1:
    EventID: 4673
    PrivilegeList: '*\SeLoadDriverPrivilege'