Update detect_remote_access_software_usage_fileinfo.yml

nterl0k · web-flow · commit f4a78d9f6013 · 2025-02-06T08:03:25.000-05:00
diff --git a/detections/endpoint/detect_remote_access_software_usage_fileinfo.yml b/detections/endpoint/detect_remote_access_software_usage_fileinfo.yml
@@ -64,6 +64,8 @@ rba:
   threat_objects:
   - field: process_name
     type: process_name
+  - field: signature
+    type: signature
 tags:
   analytic_story:
   - Insider Threat
