title: Noisy Rule Test2
date: 2017/03/23
description: excluded rule
detection:
    SELECTION_1:
        EventID: 4698
    condition: SELECTION_1 | count() by TaskName < 5
falsepositives:
- Software installation
- Software updates
id: 8b8db936-172e-4bb7-9f84-ccc954d51d93
level: low
ruletype: SIGMA