From 549f9f167947018c513c74d22105df931eb2f14c Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com>
Date: Thu, 28 Sep 2023 20:08:03 +0000
Subject: [PATCH] Sigma Rule Update (2023-09-28 20:07:57) (#499)

Co-authored-by: hach1yon
---
 .../network_connection/net_connection_win_susp_epmap.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/sigma/sysmon/network_connection/net_connection_win_susp_epmap.yml b/sigma/sysmon/network_connection/net_connection_win_susp_epmap.yml
index f36862b02..f3851f177 100644
--- a/sigma/sysmon/network_connection/net_connection_win_susp_epmap.yml
+++ b/sigma/sysmon/network_connection/net_connection_win_susp_epmap.yml
@@ -7,7 +7,7 @@ references:
 - https://github.com/RiccardoAncarani/TaskShell/
 author: frack113, Tim Shelton (fps)
 date: 2022/07/14
-modified: 2023/09/01
+modified: 2023/09/28
 tags:
 - attack.lateral_movement
 - sysmon
@@ -30,6 +30,8 @@ detection:
 Image: null
 filter_image_null2:
 Image: ''
+ filter_image_unknown:
+ Image:
 condition: network_connection and (selection and not 1 of filter_*)
 falsepositives:
 - Unknown
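Review bot: The new `filter_image_unknown` entry in the second hunk gives `Image:` no value, which a YAML loader reads as null — the same condition the existing `Image: null` filter two lines above already expresses, so as written the filter adds no coverage and only widens `1 of filter_*` with a duplicate. The filter name suggests a concrete placeholder string was intended (Sysmon writes a literal placeholder for unresolved image paths); if so the value should be spelled out on the line, e.g. `Image: <PLACEHOLDER-STRING-FROM-UPSTREAM-RULE>`, otherwise the two added lines should be dropped. Worth checking against the SigmaHQ source of this rule, since an empty scalar here is indistinguishable from a value lost in the sync. The surrounding `detection:` map, including `selection`, begins before this hunk.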