From 5fe8d5c6f1f1ddbd38b2b3409df9976a808727df Mon Sep 17 00:00:00 2001
From: taylor_socfortress <111797488+taylorwalton@users.noreply.github.com>
Date: Wed, 30 Nov 2022 13:23:02 -0600
Subject: [PATCH] Update MITRE_TECHNIQUES_FROM_SYSMON_EVENT1.xml

---
 Windows_Sysmon/MITRE_TECHNIQUES_FROM_SYSMON_EVENT1.xml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/Windows_Sysmon/MITRE_TECHNIQUES_FROM_SYSMON_EVENT1.xml b/Windows_Sysmon/MITRE_TECHNIQUES_FROM_SYSMON_EVENT1.xml
index 0c5cb18..bce9873 100644
--- a/Windows_Sysmon/MITRE_TECHNIQUES_FROM_SYSMON_EVENT1.xml
+++ b/Windows_Sysmon/MITRE_TECHNIQUES_FROM_SYSMON_EVENT1.xml
@@ -1167,6 +1167,8 @@
     <mitre>
       <id>T1134</id>
     </mitre>
+    <options>no_full_log</options>
+    <group>sysmon_event1,windows_sysmon_event1,</group>
   </rule>
   <!-- Rules 100600 - 100699: Correlation Rules -->
   <!-- Frequency rule to capture 3 sysmon event 1 Anomalies   -->