fix: filter names and title

rules/windows/network_connection/net_connection_win_notion_api_susp_communication.yml

@@ -1,4 +1,4 @@
-title: Potential Suspicious Network Connection To Notion API
+title: Potentially Suspicious Network Connection To Notion API
 id: 7e9cf7b6-e827-11ed-a05b-15959c120003
 status: experimental
 description: Detects a non-browser process communicating with the Notion API. This could indicate potential use of a covert C2 channel such as "OffensiveNotion C2"
@@ -18,46 +18,46 @@ detection:
         DestinationHostname|contains: 'api.notion.com'
     filter_main_notion:
         Image|endswith: '\AppData\Local\Programs\Notion\Notion.exe'
-    filter_optional_brave:
+    filter_main_brave:
         Image|endswith: '\brave.exe'
-    filter_optional_chrome:
+    filter_main_chrome:
         Image:
             - 'C:\Program Files\Google\Chrome\Application\chrome.exe'
             - 'C:\Program Files (x86)\Google\Chrome\Application\chrome.exe'
-    filter_optional_firefox:
+    filter_main_firefox:
         Image:
             - 'C:\Program Files\Mozilla Firefox\firefox.exe'
             - 'C:\Program Files (x86)\Mozilla Firefox\firefox.exe'
-    filter_optional_ie:
+    filter_main_ie:
         Image:
             - 'C:\Program Files (x86)\Internet Explorer\iexplore.exe'
             - 'C:\Program Files\Internet Explorer\iexplore.exe'
-    filter_optional_maxthon:
+    filter_main_maxthon:
         Image|endswith: '\maxthon.exe'
-    filter_optional_edge_1:
+    filter_main_edge_1:
         - Image|startswith: 'C:\Program Files (x86)\Microsoft\EdgeWebView\Application\'
         - Image|endswith: '\WindowsApps\MicrosoftEdge.exe'
         - Image:
             - 'C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe'
             - 'C:\Program Files\Microsoft\Edge\Application\msedge.exe'
-    filter_optional_edge_2:
+    filter_main_edge_2:
         Image|startswith:
             - 'C:\Program Files (x86)\Microsoft\EdgeCore\'
             - 'C:\Program Files\Microsoft\EdgeCore\'
         Image|endswith:
             - '\msedge.exe'
             - '\msedgewebview2.exe'
-    filter_optional_opera:
+    filter_main_opera:
         Image|endswith: '\opera.exe'
-    filter_optional_safari:
+    filter_main_safari:
         Image|endswith: '\safari.exe'
-    filter_optional_seamonkey:
+    filter_main_seamonkey:
         Image|endswith: '\seamonkey.exe'
-    filter_optional_vivaldi:
+    filter_main_vivaldi:
         Image|endswith: '\vivaldi.exe'
-    filter_optional_whale:
+    filter_main_whale:
         Image|endswith: '\whale.exe'
-    condition: selection and not 1 of filter_main_* and not 1 of filter_optional_*
+    condition: selection and not 1 of filter_main_*
 falsepositives:
     - Legitimate applications communicating with the "api.notion.com" endpoint that are not already in the exclusion list. The desktop and browser applications do not appear to be using the API by default unless integrations are configured.
 level: low