Commit

Update 900000-exclusion_rules.xml
taylorwalton authored Sep 9, 2023
1 parent dae2f5d commit 98c505c
Showing 1 changed file with 8 additions and 0 deletions.
8 changes: 8 additions & 0 deletions Exclusion Rules/900000-exclusion_rules.xml
Expand Up @@ -449,4 +449,12 @@
<description>Exclude LogonSessions Running Sigma Alert</description>
<options>no_full_log</options>
</rule>
<!-- Exclude LogonSessions Running Sigma Alert -->
<rule id="900065" level="1">
<if_sid>200051</if_sid>
<field name="name" type="pcre2">(?i)^Remote Thread Creation In Uncommon Target Image$</field>
<field name="event.SourceImage" type="pcre2">(?i)^C:\\Program Files\\socfortress\\sysinternals\\logonsessions64\.exe$</field>
<description>Exclude LogonSessions Running Sigma Aler</description>
<options>no_full_log</options>
</rule>
</group>
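Review bot: Rule 900065 drops the alert to level 1 on the Sigma rule name plus `event.SourceImage` alone, so every remote-thread alert raised for that logonsessions64.exe path is excluded with no condition on which process the thread was created in; consider adding a field match on the expected target so only the known-benign behaviour is suppressed. The new description is also truncated ("Sigma Aler"), and both it and the comment above the rule repeat the preceding rule's "Exclude LogonSessions Running Sigma Alert" text, which makes the two exclusions indistinguishable in alert output; naming the Sigma rule in the description, for example "Exclude LogonSessions Remote Thread Creation Sigma Alert", would fix both.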
