From fbe138ed900af8072a1e0deb9c6d40e49d68de9a Mon Sep 17 00:00:00 2001
From: Florian Roth
Date: Sat, 9 Nov 2019 23:24:31 +0100
Subject: [PATCH] rule: reduced level of rule to medium due to FPs
---
 rules/windows/sysmon/sysmon_susp_file_characteristics.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/rules/windows/sysmon/sysmon_susp_file_characteristics.yml b/rules/windows/sysmon/sysmon_susp_file_characteristics.yml
index 19956fce..d55dac16 100644
--- a/rules/windows/sysmon/sysmon_susp_file_characteristics.yml
+++ b/rules/windows/sysmon/sysmon_susp_file_characteristics.yml
@@ -6,6 +6,7 @@ references:
 - https://www.virustotal.com/#/file/276a765a10f98cda1a38d3a31e7483585ca3722ecad19d784441293acf1b7beb/detection
 author: Markus Neis
 date: 2018/11/22
+modified: 2019/11/09
 tags:
 - attack.defense_evasion
 - attack.execution
@@ -29,4 +30,4 @@ fields:
 - ParentCommandLine
 falsepositives:
 - Unknown
-level: high
+level: medium
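Review bot: In the second hunk the `falsepositives` entry still reads `- Unknown`, although the commit message says the level was lowered because of false positives. The benign software or activity that triggered the rule should be recorded there, for example `- <observed benign source, placeholder>`, so analysts triaging a medium alert know what to rule out first. Lowering the level alone leaves the same events firing, and pipelines that page only on `high` will presumably stop surfacing the true positives as well. The detection section lies outside the hunk, so I cannot tell whether a narrow filter for the known-benign cases would let the rule keep `level: high`, which may be worth checking.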