revert to upstream

SigmaHQ · Nov 15, 2018 · cd59507 · cd59507
1 parent 742192b
commit cd59507
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/rules/network/net_susp_network_scan.yml b/rules/network/net_susp_network_scan.yml
@@ -7,7 +7,9 @@ detection:
     selection:
         action: denied
     timeframe: 24h
-    condition: ( selection | count(dst_port) by src_ip > 10 ) or ( selection | count(dst_ip) by src_ip > 10 )
+    condition:
+        - selection | count(dst_port) by src_ip > 10
+        - selection | count(dst_ip) by src_ip > 10
 fields:
     - src_ip
     - dst_ip