Commit

Add tag Endswith
Prevent the trigger of {}.exe.log
SanWieb authored May 29, 2020
1 parent 38afd8b commit a00f7f1
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion rules/windows/sysmon/sysmon_creation_system_file.yml
Expand Up @@ -15,7 +15,7 @@ logsource:
detection:
selection:
EventID: 11
TargetFilename:
TargetFilename|endswith:
- '*\svchost.exe'
- '*\rundll32.exe'
- '*\services.exe'
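Review bot: The values under `TargetFilename|endswith:` still begin with `*` (`'*\svchost.exe'`, `'*\rundll32.exe'`, `'*\services.exe'`), which is redundant now that the `endswith` modifier already anchors the match to the end of the field; write them as `'\svchost.exe'` and so on, so the rule does not mix the modifier with manual wildcards. The commit description gives the reason for the change (avoid firing on `{}.exe.log` files), and that is worth recording in the rule itself, for example in a comment or under `falsepositives`, so a later edit does not revert the modifier. The list continues past the visible context, so the remaining entries need the same check.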
