Update 900000-exclusion_rules.xml

taylor_socfortress
2024-01-19 18:09:24 -06:00
committed by GitHub
parent 03a7ee7eaa
commit 1bc5c319f8


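--- a/900000-exclusion_rules.xml
+++ b/900000-exclusion_rules.xml
@@ -523,4 +523,11 @@
 <description>Exceptions rule created for Exclude Windows Defender DNS Queries.</description>
 <options>no_full_log</options>
 </rule>
+<!-- Exclude Windows Defender SIGMA Rules -->
+<rule id="900075" level="1">
+<if_sid>62123</if_sid>
+<field name="win.eventdata.path" type="pcre2">(?i)^file:_C:\\\\Program Files \(x86\)\\\\ossec-agent\\\\shared</field>
+<description>Exceptions rule created for Windows Defender SIGMA Rules.</description>
+<options>no_full_log</options>
+</rule>
 </group>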
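Review bot: The `win.eventdata.path` pattern in rule 900075 is anchored at the start but stops at `shared` with no trailing separator, so it also matches any sibling path that merely begins with that string (a constructed example: a folder named `shared_old`), and every event from parent rule 62123 for such a path is lowered to level 1. Ending the prefix on a separator, `(?i)^file:_C:\\\\Program Files \(x86\)\\\\ossec-agent\\\\shared\\\\`, keeps the exclusion inside the agent's shared folder. Even with that change the rule downgrades Defender events for any file under that folder, not only the Sigma rule files the comment refers to. If those files sit in a known subfolder or carry a known extension, matching that as well would keep a genuine detection on anything else written there visible. The comment above the rule could also say why Defender flags these files, so a later reader can judge whether the exclusion is still needed.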