Update apt unidentified nov 18.txt

2020-04-22 13:55:02 +03:00 · 2020-04-22 13:55:02 +03:00 · 5e2733109e
--- a/Campaigns/apt
+++ b/Campaigns/apt
@ -1,11 +1,11 @@
 // Original Sigma Rule: https://github.com/Neo23x0/sigma/blob/master/rules/apt/apt_unidentified_nov_18.yml
 // Questions via Twitter: @janvonkirchheim
-ProcessCreationEvents
-| where EventTime > ago(7d)
+DeviceProcessEvents 
+| where Timestamp > ago(7d)
 | where ProcessCommandLine endswith "cyzfc.dat, PointFunctionCall" 
-| top 100 by EventTime desc
+| top 100 by Timestamp desc

-FileCreationEvents 
-| where EventTime > ago(7d)
+DeviceFileEvents  
+| where Timestamp  > ago(7d)
 | where FolderPath has "ds7002.lnk"
-| top 100 by EventTime desc
+| top 100 by Timestamp desc