valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-07 17:58:52 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Update win_system_exe_anomaly.yml

Browse Source 
fixing to much original fork.
This commit is contained in:
GelosSnake 2019-12-29 18:02:49 +02:00
parent 7e7f6d1182
commit f574c20432
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
rules/windows/process_creation/win_system_exe_anomaly.yml
View File

@ -29,14 +29,14 @@ detection:
- '*\lsm.exe'
- '*\winlogon.exe'
- '*\explorer.exe'
- '*\taskhost.exe'
- '*\taskhost.exe'
filter:
Image:
- 'C:\Windows\System32\\*'
- 'C:\Windows\SysWow64\\*'
- 'C:\Windows\explorer.exe'
- 'C:\Windows\winsxs\\*'
- '\SystemRoot\System32\\*'
- '\SystemRoot\System32\\*'
condition: selection and not filter
falsepositives:
- Exotic software