paulmataruso/main
1
0
Fork 0
mirror of https://github.com/socfortress/Wazuh-Rules.git synced 2025-10-23 08:12:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update 900000-exclusion_rules.xml

Browse Source
This commit is contained in:
taylor_socfortress
2023-08-06 08:38:45 -05:00
committed by GitHub
parent 487b686abe
commit c213dccf24
1 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
Exclusion Rules/900000-exclusion_rules.xml
View File

@@ -311,4 +311,12 @@
<description>Exclude ShellExperienceHost EXE codeintegrity-operational SIGMA Alert</description> <description>Exclude ShellExperienceHost EXE codeintegrity-operational SIGMA Alert</description>
<options>no_full_log</options> <options>no_full_log</options>
</rule> </rule>
<!-- Exclude Microsoft-Windows-PushNotification-Platform/Operational channel from codeintegrity-operational SIGMA Alert -->
<rule id="900047" level="1">
<if_sid>200051</if_sid>
<field name="logsource.service" type="pcre2">(?i)^codeintegrity-operational$</field>
<field name="system.Channel" type="pcre2">(?i)^Microsoft-Windows-PushNotification-Platform/Operational$</field>
<description>Exclude Microsoft-Windows-PushNotification-Platform/Operational channel from codeintegrity-operationa SIGMA Alert</description>
<options>no_full_log</options>
</rule>
</group> </group>