paulmataruso/main
1
0
Fork 0
mirror of https://github.com/socfortress/Wazuh-Rules.git synced 2025-10-23 08:12:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update 900000-exclusion_rules.xml

Browse Source
This commit is contained in:
taylor_socfortress
2024-01-19 15:51:30 -06:00
committed by GitHub
parent ca4f14fbda
commit 03a7ee7eaa
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Exclusion Rules/900000-exclusion_rules.xml
View File

@@ -519,7 +519,7 @@
<!-- Exclude Windows Defender DNS Queries -->
<rule id="900074" level="1">
<if_sid>121101</if_sid>
<field name="win.eventdata.image" type="pcre2">(?i)C:\\\\Program Files\\\\Windows Defender Advanced Threat Protection</field>
<field name="win.eventdata.image" type="pcre2">(?i)^C:\\\\Program Files\\\\Windows Defender Advanced Threat Protection</field>
<description>Exceptions rule created for Exclude Windows Defender DNS Queries.</description>
<options>no_full_log</options>
</rule>