Commit

refactor: adjusted Sigma rule to Raccine 1.4
Neo23x0 committed Nov 14, 2020
1 parent 20ccfc6 commit 40e0ee1
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions sigma/win_raccine_block.yml
Expand Up @@ -2,6 +2,7 @@ title: Raccine Blocked Malicious Activity
id: ce1ae413-3a83-4424-a61d-25827480c173
description: Detects Raccine blocking the execution of an executable that has been invoked with parameters that are on the blocklist
date: 2020/10/17
modified: 2020/11/14
author: Florian Roth, John Lambert
references:
- https://github.com/Neo23x0/Raccine
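Review bot: the `description` in this hunk does not say which Raccine version the rule expects, although the commit title ties the change to Raccine 1.4. The `modified: 2020/11/14` line records when the rule changed but not why. Consider adding a sentence to `description` stating that the rule is written against events as logged by Raccine 1.4, so operators running a different version know to check that their events still match.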
Expand All @@ -16,6 +17,7 @@ detection:
selection:
Source: Raccine
EventID: 2
Level: Warning
condition: selection
falsepositives:
- Backup software triggering the blocks by accessing the volume shadow copies
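Review bot: `Level: Warning` in `selection` makes the match depend on how the event level reaches the backend. Windows stores the level as a number (3 for Warning) and the string is its rendered form, so a pipeline that forwards the numeric value would not match this rule. Consider confirming the field mapping for the backends this rule targets. Since the selection is now narrower than `Source: Raccine` with `EventID: 2` alone, it would also help to state in the rule whether EventID 2 events logged at any other level are meant to be excluded.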