mirror of
https://github.com/socfortress/Wazuh-Rules.git
synced 2025-10-26 09:23:32 +00:00
Update 900000-exclusion_rules.xml
committed by
GitHub
parent
ca4f14fbda
commit
03a7ee7eaa
@@ -519,7 +519,7 @@
|
|||||||
<!-- Exclude Windows Defender DNS Queries -->
|
<!-- Exclude Windows Defender DNS Queries -->
|
||||||
<rule id="900074" level="1">
|
<rule id="900074" level="1">
|
||||||
<if_sid>121101</if_sid>
|
<if_sid>121101</if_sid>
|
||||||
<field name="win.eventdata.image" type="pcre2">(?i)C:\\\\Program Files\\\\Windows Defender Advanced Threat Protection</field>
|
<field name="win.eventdata.image" type="pcre2">(?i)^C:\\\\Program Files\\\\Windows Defender Advanced Threat Protection</field>
|
||||||
<description>Exceptions rule created for Exclude Windows Defender DNS Queries.</description>
|
<description>Exceptions rule created for Exclude Windows Defender DNS Queries.</description>
|
||||||
<options>no_full_log</options>
|
<options>no_full_log</options>
|
||||||
</rule>
|
</rule>
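Review bot: The `win.eventdata.image` pattern in rule 900074 is still open at its right-hand end. It stops at the directory name with no trailing path separator, so the exclusion also matches a sibling directory whose name merely begins with that string, as well as every executable below the real one. The +/- markers are lost on this page, so I am assuming the `^`-anchored line is the new side; on that line I would close the prefix with a separator: `(?i)^C:\\\\Program Files\\\\Windows Defender Advanced Threat Protection\\\\`. Because this rule lowers matching children of 121101 to level 1, it is a deliberate detection blind spot, so consider narrowing it to the specific Defender executables observed in your environment. A comment above the rule should record the scope, for example `<!-- Excludes DNS query events only for images under the Defender ATP install directory -->`.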
|
||||||
|
|||||||