Closed reece394 closed 8 months ago
This updates the windows_defender.yml rule file to filter for EventIDs instead of saving all of the EventIDs to the spreadsheet. This should cut down on the noise of the resulting antivirus file. Tested on several engagements and works well.
This updates the windows_defender.yml rule file to filter for EventIDs instead of saving all of the EventIDs to the spreadsheet. This should cut down on the noise of the resulting antivirus file. Tested on several engagements and works well.