paulmataruso/main
1
0
Fork 0
mirror of https://github.com/socfortress/Wazuh-Rules.git synced 2025-11-03 21:33:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update 900000-exclusion_rules.xml

Browse Source
This commit is contained in:
taylor_socfortress
2023-06-09 09:40:07 -05:00
committed by GitHub
parent 625908abee
commit 6b9efac58f
1 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
Exclusion Rules/900000-exclusion_rules.xml
View File

@@ -220,4 +220,11 @@
<description>Lower OneDrive Process Injection Severity - SIGMA</description>
<options>no_full_log</options>
</rule>
<!-- Lower VsCode Process Injection -->
<rule id="900035" level="3">
<if_sid>92910</if_sid>
<field name="win.eventdata.sourceImage" type="pcre2">(?i)\\\\AppData\\\\Local\\\\Programs\\\\Microsoft VS Code\\\\Code.exe$</field>
<description>Lower VsCode Process Injection alert </description>
<options>no_full_log</options>
</rule>
</group>