14 lines
281 B
YAML
14 lines
281 B
YAML
title: Noisy Rule Test 3
|
|
date: 2017/03/08
|
|
detection:
|
|
SELECTION_1:
|
|
EventID: 7045
|
|
condition: SELECTION_1 | count() by ServiceFileName < 5
|
|
id: 1703ba97-b2c2-4071-a241-a16d017d25d3
|
|
level: low
|
|
logsource:
|
|
product: windows
|
|
service: system
|
|
status: experimental
|
|
ruletype: SIGMA
|