From 14d13ef9ac1c97b0d97fbca4ebc38dc7aed820b2 Mon Sep 17 00:00:00 2001
From: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
Date: Thu, 10 Nov 2022 17:06:28 +0100
Subject: [PATCH] fix: rename ftp.exe rule to lolbin rule

---
 ...eation_win_susp_ftp.yml => proc_creation_win_lolbin_ftp.yml} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename rules/windows/process_creation/{proc_creation_win_susp_ftp.yml => proc_creation_win_lolbin_ftp.yml} (94%)

diff --git a/rules/windows/process_creation/proc_creation_win_susp_ftp.yml b/rules/windows/process_creation/proc_creation_win_lolbin_ftp.yml
similarity index 94%
rename from rules/windows/process_creation/proc_creation_win_susp_ftp.yml
rename to rules/windows/process_creation/proc_creation_win_lolbin_ftp.yml
index 249f6a99b..93f7abf93 100644
--- a/rules/windows/process_creation/proc_creation_win_susp_ftp.yml
+++ b/rules/windows/process_creation/proc_creation_win_lolbin_ftp.yml
@@ -1,4 +1,4 @@
-title: Suspicious Execution Of FTP.EXE Binary
+title: LOLBIN Execution Of The FTP.EXE Binary
 id: 06b401f4-107c-4ff9-947f-9ec1e7649f1e
 status: test
 description: Detects execution of ftp.exe script execution with the "-s" flag and any child processes ran by ftp.exe