From 5e2733109e186c17a6be57c74c69e7416a3af62c Mon Sep 17 00:00:00 2001
From: tali-ash <63594865+tali-ash@users.noreply.github.com>
Date: Wed, 22 Apr 2020 13:55:02 +0300
Subject: [PATCH] Update apt unidentified nov 18.txt

---
 Campaigns/apt unidentified nov 18.txt | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/Campaigns/apt unidentified nov 18.txt b/Campaigns/apt unidentified nov 18.txt
index 15f050a..5791ef5 100644
--- a/Campaigns/apt unidentified nov 18.txt
+++ b/Campaigns/apt unidentified nov 18.txt
@@ -1,11 +1,11 @@
 // Original Sigma Rule: https://github.com/Neo23x0/sigma/blob/master/rules/apt/apt_unidentified_nov_18.yml
 // Questions via Twitter: @janvonkirchheim
-ProcessCreationEvents
-| where EventTime > ago(7d)
+DeviceProcessEvents
+| where Timestamp > ago(7d)
 | where ProcessCommandLine endswith "cyzfc.dat, PointFunctionCall"
-| top 100 by EventTime desc
+| top 100 by Timestamp desc
 
-FileCreationEvents
-| where EventTime > ago(7d)
+DeviceFileEvents
+| where Timestamp > ago(7d)
 | where FolderPath has "ds7002.lnk"
-| top 100 by EventTime desc
+| top 100 by Timestamp desc
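Review bot: The file header still documents only the Sigma origin and gives no hint that the queries now target the renamed tables and the `Timestamp` column, so anyone on the older `ProcessCreationEvents`/`EventTime` schema will get an unexplained failure; a comment line after the Twitter line such as `// Schema: DeviceProcessEvents / DeviceFileEvents with Timestamp (older EventTime-based tables no longer apply)` would make the migration explicit. The second query's filter `| where FolderPath has "ds7002.lnk"` was carried over unchanged; it is worth confirming that `FolderPath` in `DeviceFileEvents` still carries the file name in your tenant's data, because if it only holds the directory the match never fires and `| where FileName == "ds7002.lnk"` would be the safer filter. Both `top 100 ... desc` clauses cap results silently, which is fine for triage but worth noting in the header if these are meant as scheduled detections.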