From 0d8dba5200610e707cceee04ba705ffeb7763e5f Mon Sep 17 00:00:00 2001
From: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
Date: Thu, 28 Jul 2022 12:40:30 +0100
Subject: [PATCH] Update driver_load_susp_temp_use.yml

---
 .../driver_load/driver_load_susp_temp_use.yml | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/rules/windows/driver_load/driver_load_susp_temp_use.yml b/rules/windows/driver_load/driver_load_susp_temp_use.yml
index 3bd13f623..0c5f94caf 100755
--- a/rules/windows/driver_load/driver_load_susp_temp_use.yml
+++ b/rules/windows/driver_load/driver_load_susp_temp_use.yml
@@ -6,16 +6,16 @@ author: Florian Roth
 date: 2017/02/12
 modified: 2021/11/27
 logsource:
- category: driver_load
- product: windows
+ category: driver_load
+ product: windows
 detection:
- selection:
- ImageLoaded|contains: '\Temp\'
- condition: selection
+ selection:
+ ImageLoaded|contains: '\Temp\'
+ condition: selection
 falsepositives:
- - There is a relevant set of false positives depending on applications in the environment
+ - There is a relevant set of false positives depending on applications in the environment
 level: high
 tags:
- - attack.persistence
- - attack.privilege_escalation
- - attack.t1543.003
+ - attack.persistence
+ - attack.privilege_escalation
+ - attack.t1543.003