From 13c7d40a22f41fb2e4c8022ad42e87f9b4545050 Mon Sep 17 00:00:00 2001
From: Florian Roth <venom14@gmail.com>
Date: Wed, 10 Jun 2020 16:35:41 +0200
Subject: [PATCH] Cosmetics

---
 .../windows/process_creation/win_susp_findstr_lnk.yml  | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/rules/windows/process_creation/win_susp_findstr_lnk.yml b/rules/windows/process_creation/win_susp_findstr_lnk.yml
index 657d47ff9..dd594f671 100644
--- a/rules/windows/process_creation/win_susp_findstr_lnk.yml
+++ b/rules/windows/process_creation/win_susp_findstr_lnk.yml
@@ -3,15 +3,15 @@ id: 33339be3-148b-4e16-af56-ad16ec6c7e7b
 description: Detects usage of findstr to identify and execute a lnk file as seen within the HHS redirect attack
 status: experimental
 references:
-  - https://www.bleepingcomputer.com/news/security/hhsgov-open-redirect-used-by-coronavirus-phishing-to-spread-malware/
+    - https://www.bleepingcomputer.com/news/security/hhsgov-open-redirect-used-by-coronavirus-phishing-to-spread-malware/
 tags:
-  - attack.defense_evasion
-  - attack.t1202
+    - attack.defense_evasion
+    - attack.t1202
 author: Trent Liffick
 date: 2020/05/01
 logsource:
-  category: process_creation
-  product: windows
+    category: process_creation
+    product: windows
 detection:
     selection:
         Image: '*\findstr.exe'