
Commit

Merge pull request SigmaHQ#979 from barvhaim/patch-3
Update win_susp_rasdial_activity.yml to use `contains` instead of `equal`
Neo23x0 authored Aug 18, 2020
2 parents fd23a18 + bc74ac1 commit 79adace
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions rules/windows/process_creation/win_susp_rasdial_activity.yml
Expand Up @@ -16,8 +16,8 @@ logsource:
product: windows
detection:
selection:
CommandLine:
- rasdial
Image|endswith:
- rasdial.exe
condition: selection
falsepositives:
- False positives depend on scripts and administrative tools used in the monitored environment
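
Review bot: In `selection`, the value `rasdial.exe` under `Image|endswith` has no leading backslash, so the suffix match also fires on any executable whose file name merely ends in that string (a hypothetical `xrasdial.exe` would match); anchoring it as `\rasdial.exe` limits the match to the file name itself. The commit title describes a switch to `contains`, while the modifier visible in this hunk is `endswith` on `Image` and the `CommandLine` entry carries no modifier, so the title and the rule should be brought into agreement. A match on the image path alone also depends on the binary keeping its name; if the rule is meant to cover a copied or renamed `rasdial.exe`, that limitation is worth stating in the rule's description.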
