Merge pull request #2586 from phantinuss/master

fix: typo unkown --> unknown

rules/windows/file_event/win_fe_creation_new_shim_database.yml

@@ -17,7 +17,7 @@ detection:
     TargetFilename|contains: '\Windows\apppatch\Custom\'
   condition: selection 
 falsepositives:
-  - Unkown
+  - Unknown
 level: medium
 tags:
   - attack.persistence

rules/windows/file_event/win_fe_creation_scr_binary_file.yml

@@ -21,7 +21,7 @@ detection:
       - '\Bin\ccSvcHst.exe' # Symantec Endpoint Protection
   condition: selection and not 1 of filter*
 falsepositives:
-  - Unkown
+  - Unknown
 level: medium
 tags:
   - attack.persistence

rules/windows/file_event/win_fe_creation_unquoted_service_path.yml

@@ -17,7 +17,7 @@ detection:
     TargetFilename: 'C:\program.exe' 
   condition: selection 
 falsepositives:
-  - Unkown
+  - Unknown
 level: high
 tags:
   - attack.persistence

rules/windows/file_event/win_fe_writing_local_admin_share.yml

@@ -18,7 +18,7 @@ detection:
         - '\ADMIN$\'
   condition: selection 
 falsepositives:
-  - Unkown
+  - Unknown
 level: medium
 tags:
   - attack.lateral_movement