Deleted EventID part

rkondracki · Jun 4, 2020 · 0744107 · 0744107
1 parent 1c677aa
commit 0744107
Showing 1 changed file with 0 additions and 1 deletion.
diff --git a/rules/windows/sysmon/sysmon_apt_muddywater_dnstunnel.yml b/rules/windows/sysmon/sysmon_apt_muddywater_dnstunnel.yml
@@ -13,7 +13,6 @@ logsource:
   product: windows
 detection:
   selection:
-    EventID: 1
     Image|endswith:
     - '\powershell.exe'
     ParentImage|endswith: