From c213dccf24713191252bde4187687337062cb5ea Mon Sep 17 00:00:00 2001
From: taylor_socfortress <111797488+taylorwalton@users.noreply.github.com>
Date: Sun, 6 Aug 2023 08:38:45 -0500
Subject: [PATCH] Update 900000-exclusion_rules.xml

---
 Exclusion Rules/900000-exclusion_rules.xml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/Exclusion Rules/900000-exclusion_rules.xml b/Exclusion Rules/900000-exclusion_rules.xml
index 460e8aa..d64a4ea 100644
--- a/Exclusion Rules/900000-exclusion_rules.xml	
+++ b/Exclusion Rules/900000-exclusion_rules.xml	
@@ -311,4 +311,12 @@
     <description>Exclude ShellExperienceHost EXE codeintegrity-operational SIGMA Alert</description>
     <options>no_full_log</options>
   </rule>
+  <!-- Exclude Microsoft-Windows-PushNotification-Platform/Operational channel from codeintegrity-operational SIGMA Alert -->
+  <rule id="900047" level="1">
+    <if_sid>200051</if_sid>
+    <field name="logsource.service" type="pcre2">(?i)^codeintegrity-operational$</field>
+    <field name="system.Channel" type="pcre2">(?i)^Microsoft-Windows-PushNotification-Platform/Operational$</field>
+    <description>Exclude Microsoft-Windows-PushNotification-Platform/Operational channel from codeintegrity-operationa SIGMA Alert</description>
+    <options>no_full_log</options>
+  </rule>
 </group>