title: test
id: ff151c33-45fa-475d-af4f-c2f93571f4fe
description: |
  all of test
status: experimental
date: 2021/12/4
author: test
logsource:
  product: windows
  service: security
detection:
  selection1:
    EventID:
      - 3
      - 7
      - a
    UserName: abc
  selection2:
    process: nnn
    parentprocess: 2
  selection3:
    uuu: zzzz
    xxxx: 3
  another:
    ppp: iiii
  condition: all of selection* or another
falsepositives:
  - Unknown
level: medium