SigmaHQ/tests/mapping-conditional-multi.yml

title: Contional mapping with multiple targets
status: test
description: Logpoint configuration causes conditional mapping with multiple results
author: Thomas Patzke
logsource:
    product: windows
    service: security
detection:
    selection:
        EventID: 4624
        SubjectAccountName: Test
    condition: selection
fields:
    - EventID
    - SubjectAccountName