Update win_susp_multiple_files_renamed_or_deleted.yml

sec-js · Oct 29, 2020 · ab60fdc · ab60fdc
1 parent 683824e
commit ab60fdc
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/rules/windows/file_event/win_susp_multiple_files_renamed_or_deleted.yml b/rules/windows/file_event/win_susp_multiple_files_renamed_or_deleted.yml
@@ -22,6 +22,6 @@ detection:
     timeframe: 30s
     condition: selection | count() by SubjectLogonId > 10
 falsepositives:
-    - software uninstallation
-    - files restore activities
+    - Software uninstallation
+    - Files restore activities
 level: high