Update 900000-exclusion_rules.xml

Added `92204,92213` based off of comments in PR: https://github.com/socfortress/Wazuh-Rules/pull/11
2025-10-23 00:02:11 +00:00 · 2023-04-10 09:52:02 -05:00
parent a8cc90d542
commit 7bcf91ea02
1 changed files with 1 additions and 1 deletions
--- a/Rules/900000-exclusion_rules.xml
+++ b/Rules/900000-exclusion_rules.xml
@@ -188,7 +188,7 @@
  </rule>
  <!-- Lower Sev for Executable file dropped in folder commonly used by malware. Triggers many FPs due to user's browsers -->
  <rule id="900030" level="8">
-    <if_sid>92213</if_sid>
+    <if_sid>92204,92213</if_sid>
    <description>Executable file dropped in folder commonly used by malware.</description>
    <options>no_full_log</options>
  </rule>