From b98739b474db5c8e57a12742dbbd538810147c46 Mon Sep 17 00:00:00 2001
From: Atomic Red Team doc generator
Date: Mon, 29 Jan 2024 15:55:01 +0000
Subject: [PATCH] Generated docs from job=generate-docs branch=master [ci skip]
---
atomics/Indexes/index.yaml | 4 ++--
atomics/Indexes/windows-index.yaml | 4 ++--
atomics/T1654/T1654.md | 2 +-
3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/atomics/Indexes/index.yaml b/atomics/Indexes/index.yaml
index 5fe97f01..67024abe 100644
--- a/atomics/Indexes/index.yaml
+++ b/atomics/Indexes/index.yaml
@@ -97261,8 +97261,8 @@ discovery: supported_platforms: - windows executor: - command: powershell -c "get-eventlog 'Security' | where {$_.Message -like - '*SYSTEM*'} | export-csv $env:temp\T1654_events.txt" + command: powershell -c {get-eventlog 'Security' | where {$_.Message -like + '*SYSTEM*'} | export-csv $env:temp\T1654_events.txt} cleanup_command: powershell -c "remove-item $env:temp\T1654_events.txt -ErrorAction Ignore" name: powershell
diff --git a/atomics/Indexes/windows-index.yaml b/atomics/Indexes/windows-index.yaml
index 78c50c6a..9ab6c8a2 100644
--- a/atomics/Indexes/windows-index.yaml
+++ b/atomics/Indexes/windows-index.yaml
@@ -79162,8 +79162,8 @@ discovery: supported_platforms: - windows executor: - command: powershell -c "get-eventlog 'Security' | where {$_.Message -like - '*SYSTEM*'} | export-csv $env:temp\T1654_events.txt" + command: powershell -c {get-eventlog 'Security' | where {$_.Message -like + '*SYSTEM*'} | export-csv $env:temp\T1654_events.txt} cleanup_command: powershell -c "remove-item $env:temp\T1654_events.txt -ErrorAction Ignore" name: powershell
diff --git a/atomics/T1654/T1654.md b/atomics/T1654/T1654.md
index e96f0e62..44a7cfab 100644
--- a/atomics/T1654/T1654.md
+++ b/atomics/T1654/T1654.md
@@ -35,7 +35,7 @@ Successful execution will save matching log events to the users temp folder. ```powershell -powershell -c "get-eventlog 'Security' | where {$_.Message -like '*SYSTEM*'} | export-csv $env:temp\T1654_events.txt" +powershell -c {get-eventlog 'Security' | where {$_.Message -like '*SYSTEM*'} | export-csv $env:temp\T1654_events.txt} ``` #### Cleanup Commands: