14 lines
290 B
YAML
14 lines
290 B
YAML
title: Noisy Rule Test2
|
|
date: 2017/03/23
|
|
description: excluded rule
|
|
detection:
|
|
SELECTION_1:
|
|
EventID: 4698
|
|
condition: SELECTION_1 | count() by TaskName < 5
|
|
falsepositives:
|
|
- Software installation
|
|
- Software updates
|
|
id: 8b8db936-172e-4bb7-9f84-ccc954d51d93
|
|
level: low
|
|
ruletype: SIGMA
|