Skip to content

Commit

Permalink
remove redundant CheckHostnameMismatch (#3881)
Browse files Browse the repository at this point in the history 
remove redundant CheckHostnameMismatch
  • Loading branch information
@mgreen27
mgreen27 authored Nov 6, 2024
1 parent 4f3c8f3 commit 0782427
Showing 1 changed file with 1 addition and 4 deletions.
5 changes: 1 addition & 4 deletions artifacts/definitions/Windows/Forensics/Lnk.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -108,9 +108,6 @@ parameters:
description: Regex for suspicious TrackerData Hastname.
type: regex
default: ^(Win-|Desktop-|Commando$)
- name: CheckHostnameMismatch
description: Compare TrackerData.MachineID with Hostname (noisy in many networks)
type: bool
- name: VmPrefixMAC
description: VM MacAddress prefix regex to compate to LNK TrackerData.
type: regex
Expand Down Expand Up @@ -1553,4 +1550,4 @@ column_types:
- name: ShellLinkHeader.AccessTime
type: timestamp
- name: ShellLinkHeader.WriteTime
type: timestamp
type: timestamp

0 comments on commit 0782427

Please sign in to comment.