Commit

Merge pull request SigmaHQ#996 from fryguy04/master
removed leading slash and allow for mult spaces
thomaspatzke authored Oct 12, 2020
2 parents 976fc92 + 2e6f87e commit f064102
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions rules/windows/process_creation/win_susp_ping_hex_ip.yml
Expand Up @@ -15,9 +15,9 @@ logsource:
product: windows
detection:
selection:
CommandLine:
- '*\ping.exe 0x*'
- '*\ping 0x*'
CommandLine|contains:
- 'ping.exe*0x*'
- 'ping*0x*'
condition: selection
fields:
- ParentCommandLine
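Review bot: In the new `CommandLine|contains` list, `'ping*0x*'` already matches everything `'ping.exe*0x*'` matches, so the first entry is redundant, and the trailing `*` adds nothing under `contains`. The `*` also matches any run of characters, not only spaces, so the selection now fires on any command line where the substring `ping` appears anywhere before `0x`, such as another binary whose name contains `ping`, or a ping to an ordinary host followed later by an unrelated hex argument. If the goal is only to drop the path requirement and tolerate multiple spaces, consider a tighter match (for example a regular expression that permits only whitespace between `ping` or `ping.exe` and `0x`), or record the wider match in the rule's `falsepositives` section.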