From 461fbaf787868b927bfa64c0abcb48ee5082362f Mon Sep 17 00:00:00 2001
From: securepeacock <92804416+securepeacock@users.noreply.github.com>
Date: Tue, 4 Oct 2022 07:36:49 -0400
Subject: [PATCH] Update Powerpnt.yml with Sigma (#222)
Co-authored-by: Wietze
---
 yml/OtherMSBinaries/Powerpnt.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/yml/OtherMSBinaries/Powerpnt.yml b/yml/OtherMSBinaries/Powerpnt.yml
index 28baf81..91b7dc7 100644
--- a/yml/OtherMSBinaries/Powerpnt.yml
+++ b/yml/OtherMSBinaries/Powerpnt.yml
@@ -28,6 +28,7 @@ Full_Path:
 - Path: C:\Program Files\Microsoft Office\Office12\Powerpnt.exe
 - Path: C:\Program Files\Microsoft Office\Office12\Powerpnt.exe
 Detection:
+ - Sigma: https://github.com/SigmaHQ/sigma/blob/8bb3379b6807610d61d29db1d76f5af4840b8208/rules/windows/process_creation/proc_creation_win_susp_msoffice.yml
 - IOC: Suspicious Office application Internet/network traffic
 Resources:
 - Link: https://twitter.com/reegun21/status/1150032506504151040
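Review bot: The added `Sigma:` entry under `Detection:` is a commit-pinned permalink and says nothing about the telemetry the rule needs. The link is stable, but it will not follow later tuning or renames of the rule upstream. Judging by its path it is a process-creation rule, while the neighbouring `IOC:` entry describes network traffic, so a reader should not assume the two cover the same signal. If the file format tolerates comments, a line such as `# pinned permalink; process-creation rule, needs command-line logging` above the entry would make this explicit. The two `- Path:` context lines above `Detection:` read identically as shown; that predates this change, but is worth confirming against the file, since a missing install path narrows path-based coverage.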