update: Potentially Suspicious Execution Of PDQDeployRunner - Add additional processes to the list
update: Use Icacls to Hide File to Everyone - Remove "C:\Users" to increase coverage.
Example Log Event
N/A
Fixed Issues
N/A
SigmaHQ Rule Creation Conventions
If your PR adds new rules, please consider following and applying these conventions
Summary of the Pull Request
Cosmetic changes
Changelog
update: Potentially Suspicious Execution Of PDQDeployRunner - Add additional processes to the list update: Use Icacls to Hide File to Everyone - Remove "C:\Users" to increase coverage.
Example Log Event
N/A
Fixed Issues
N/A
SigmaHQ Rule Creation Conventions