From bc387ebf588d62d726d38ed57c418982c03296b5 Mon Sep 17 00:00:00 2001
From: Frank Korving
Date: Thu, 29 Feb 2024 22:07:05 +0200
Subject: [PATCH] Adds MDE for Linux Configuration File
---
 .../DeploymentAutomation/KeepDefenderConfigByName.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Snaffler/SnaffRules/DefaultRules/FileRules/Keep/Infrastructure/DeploymentAutomation/KeepDefenderConfigByName.toml b/Snaffler/SnaffRules/DefaultRules/FileRules/Keep/Infrastructure/DeploymentAutomation/KeepDefenderConfigByName.toml
index 40893ca..362e170 100644
--- a/Snaffler/SnaffRules/DefaultRules/FileRules/Keep/Infrastructure/DeploymentAutomation/KeepDefenderConfigByName.toml
+++ b/Snaffler/SnaffRules/DefaultRules/FileRules/Keep/Infrastructure/DeploymentAutomation/KeepDefenderConfigByName.toml
@@ -6,5 +6,5 @@ Description = "Files containing Defender Configs are very interesting."
 MatchLocation = "FileName"
 WordListType = "Exact"
 MatchLength = 0
-WordList = ["SensorConfiguration.json"]
+WordList = ["SensorConfiguration.json","mdatp_managed.json"]
 Triage = "Yellow"
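Review bot: The added `WordList` entry has no comment saying what `mdatp_managed.json` is, and the `Description` visible in the hunk header names only "Defender Configs", so a Yellow hit on this name gives the person triaging it no hint which product the file belongs to. I would add a line above `WordList`, `# mdatp_managed.json: managed configuration file of Microsoft Defender for Endpoint on Linux`, which is what the commit subject says it is. As a point of style, the new array has no space after the comma; `WordList = ["SensorConfiguration.json", "mdatp_managed.json"]` matches the usual TOML layout. The rule's table header and its first keys lie above the hunk, so whether other keys need the same update cannot be seen from here.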