title: APT29 Google Update Service Install
description: 'This method detects a service install of malicious services mentioned in APT29 report by FireEye' 
reference: https://www.fireeye.com/blog/threat-research/2017/03/apt29_domain_frontin.html
logsource:
    product: windows
    service: system
detection:
    selection:
        EventID: 7045
        ServiceName: 'Google Update'
    condition: selection
falsepositives:
    - Unknown
level: high