title: Noisy Rule Test 3
date: 2017/03/08
detection:
  SELECTION_1:
    EventID: 7045
  condition: SELECTION_1 | count() by ServiceFileName < 5
id: 1703ba97-b2c2-4071-a241-a16d017d25d3
level: low
logsource:
  product: windows
  service: system
status: experimental
ruletype: SIGMA