Update win_susp_multiple_files_renamed_or_deleted.yml

This commit is contained in:
Vasiliy Burov 2020-10-27 22:36:12 +03:00 committed by GitHub
parent 515c4dd9cd
commit edede617cf
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -12,7 +12,7 @@ tags:
logsource: logsource:
product: windows product: windows
service: security service: security
definition: 'Requirements: Audit Policy : Policies/Windows Settings/Security Settings/Local Policies/Audit Policy/Audit object access, Policies/Windows Settings/Security Settings/Advanced Audit Policy Configuration/Object Access' definition: Requirements: Audit Policy : Policies/Windows Settings/Security Settings/Local Policies/Audit Policy/Audit object access, Policies/Windows Settings/Security Settings/Advanced Audit Policy Configuration/Object Access
detection: detection:
selection: selection:
EventID: 4663 EventID: 4663