From 07d552a2abe786ad8b75fb0311467cf09c3990c6 Mon Sep 17 00:00:00 2001
From: theusername-sudo <128535985+theusername-sudo@users.noreply.github.com>
Date: Thu, 16 Oct 2025 08:36:56 -0500
Subject: [PATCH] Update lateral_movement_scheduled_task_target.toml to fix null values

Update lateral_movement_scheduled_task_target.toml to fix null values
---
 rules/windows/lateral_movement_scheduled_task_target.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rules/windows/lateral_movement_scheduled_task_target.toml b/rules/windows/lateral_movement_scheduled_task_target.toml
index 5301c4b0ac9..b27762e49a9 100644
--- a/rules/windows/lateral_movement_scheduled_task_target.toml
+++ b/rules/windows/lateral_movement_scheduled_task_target.toml
@@ -68,7 +68,7 @@ query = '''
 sequence by host.id, process.entity_id with maxspan = 1m
 [network where host.os.type == "windows" and process.name : "svchost.exe" and
 network.direction : ("incoming", "ingress") and source.port >= 49152 and destination.port >= 49152 and
- source.ip != "127.0.0.1" and source.ip != "::1"
+ source.ip != "127.0.0.1" and source.ip != "::1" and source.ip != null
 ]
 [registry where host.os.type == "windows" and event.type == "change" and registry.value : "Actions" and
 registry.path : "*\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\*\\Actions"]
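Review bot: The loopback exclusion on the changed line still tests only the two literal addresses `127.0.0.1` and `::1`, so after this patch an inbound svchost.exe connection from any other loopback source (the whole 127.0.0.0/8 block, or an IPv4-mapped form such as ::ffff:127.0.0.1) still satisfies the network filter and can start the sequence. If the intent is to drop all local-origin traffic rather than those two addresses, a range test is the safer form: `not cidrMatch(source.ip, "127.0.0.0/8", "::1/128") and source.ip != null`, keeping the added null guard because a negated match on a missing field would otherwise still pass. The reason the guard is needed at all (a `!=` comparison against a missing field matches in EQL) is not recorded anywhere in the rule; a one-line `//` comment above the condition, or a sentence in the rule's description, would stop the next editor from removing it as redundant. The enclosing `query` string starts and ends outside the hunk.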