From 1e2f7c7abf59caa979fb17b2ec04da2cfaea7f29 Mon Sep 17 00:00:00 2001
From: frack113
Date: Fri, 21 May 2021 12:35:37 +0200
Subject: [PATCH] Fix falsepositives list
---
 .../builtin/win_powershell_script_installed_as_service.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/rules/windows/builtin/win_powershell_script_installed_as_service.yml b/rules/windows/builtin/win_powershell_script_installed_as_service.yml
index 1f5a7e419..01652c7c6 100644
--- a/rules/windows/builtin/win_powershell_script_installed_as_service.yml
+++ b/rules/windows/builtin/win_powershell_script_installed_as_service.yml
@@ -5,6 +5,7 @@ description: Detects powershell script installed as a Service
 status: experimental
 author: oscd.community, Natalia Shornikova
 date: 2020/10/06
+modified: 2021/05/21
 references:
 - https://speakerdeck.com/heirhabarov/hunting-for-powershell-abuse
 tags:
@@ -16,7 +17,8 @@ detection:
 - 'powershell'
 - 'pwsh'
 condition: service_creation and powershell_as_service
-falsepositives: Unknown
+falsepositives:
+ - Unknown
 level: high
 ---
 logsource:
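Review bot: In the second hunk the `falsepositives` list still holds only `Unknown`, although the rule is `level: high`, so an analyst triaging a hit gets no guidance on benign causes. The visible selection values are the substrings `'powershell'` and `'pwsh'`, so a legitimately installed service whose command line launches PowerShell would presumably match as well. Since this commit already touches the field, consider an entry such as `- Legitimate administrative or management software that installs a service running a PowerShell script`, worded to fit what the maintainers have actually observed. The `detection` block begins above the hunk, so the matched field name is not visible here and should be checked before wording the entry.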