paulmataruso/main
1
0
Fork 0
mirror of https://github.com/socfortress/Wazuh-Rules.git synced 2025-10-23 00:02:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update 900000-exclusion_rules.xml

Browse Source
This commit is contained in:
taylor_socfortress
2025-02-11 15:09:44 -06:00
committed by GitHub
parent 925b4070a6
commit 69fd6c285b
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
Exclusion Rules/900000-exclusion_rules.xml
View File

@@ -629,10 +629,10 @@
<description>Exceptions AD Sync.</description>
<options>no_full_log</options>
</rule>
<!-- Lower cleanmgr -->
<!-- Lower system things -->
<rule id="900090" level="3">
<if_sid>92213</if_sid>
<field name="win.eventdata.image" type="pcre2">(?i)^C:\\\\Windows\\\\system32\\\\cleanmgr\.exe$</field>
<field name="win.eventdata.image" type="pcre2">(?i)^C:\\\\Windows\\\\system32\\\\cleanmgr\.exe$|(?i)^C:\\\\Windows\\\\system32\\\\taskhostw\.exe$|(?i)^C:\\\\Windows\\\\System32\\\\sdiagnhost\.exe$</field>
<description>Executable file dropped in folder commonly used by malware.</description>
<options>no_full_log</options>
</rule>