Update win_susp_multiple_files_renamed_or_deleted.yml
parent
515c4dd9cd
commit
edede617cf
@ -12,7 +12,7 @@ tags:
|
|||||||
logsource:
|
logsource:
|
||||||
product: windows
|
product: windows
|
||||||
service: security
|
service: security
|
||||||
definition: 'Requirements: Audit Policy : Policies/Windows Settings/Security Settings/Local Policies/Audit Policy/Audit object access, Policies/Windows Settings/Security Settings/Advanced Audit Policy Configuration/Object Access'
|
definition: Requirements: Audit Policy : Policies/Windows Settings/Security Settings/Local Policies/Audit Policy/Audit object access, Policies/Windows Settings/Security Settings/Advanced Audit Policy Configuration/Object Access
|
||||||
detection:
|
detection:
|
||||||
selection:
|
selection:
|
||||||
EventID: 4663
|
EventID: 4663
|
||||||
|
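Review bot: The `definition` line names only the audit-policy paths, but event 4663 is written only for objects whose SACL audits the attempted access, so a host with the policy enabled and no auditing entries on the watched folders produces no events and the rule stays silent. I would extend the text, for example `... Advanced Audit Policy Configuration/Object Access (Audit File System), and an auditing SACL on the folders to be monitored`. The value also contains `: ` sequences, so it parses as a YAML string only in the single-quoted variant; this rendering does not show which of the two printed variants is the new side, so that is worth confirming. The `selection` block continues past the last line of the hunk.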