feat: new rules, updates and fp fixes (#4162)

rules/windows/powershell/powershell_script/posh_ps_amsi_null_bits_bypass.yml

@@ -9,16 +9,17 @@ references:
     - https://github.com/r00t-3xp10it/hacking-material-books/blob/43cb1e1932c16ff1f58b755bc9ab6b096046853f/obfuscation/simple_obfuscation.md#amsi-bypass-using-null-bits-satoshi
 author: Nasreddine Bencherchali (Nextron Systems)
 date: 2023/01/04
+modified: 2023/04/03
 tags:
     - attack.defense_evasion
     - attack.t1562.001
 logsource:
     product: windows
-    service: powershell
+    category: ps_script
     definition: 'Requirements: Script Block Logging must be enabled'
 detection:
     selection:
-        ScriptBlockLogging|contains:
+        ScriptBlockText|contains:
             - "if(0){{{0}}}' -f $(0 -as [char]) +"
             - "#<NULL>"
     condition: selection

rules/windows/powershell/powershell_script/posh_ps_apt_silence_eda.yml

@@ -6,7 +6,7 @@ references:
     - https://www.group-ib.com/resources/threat-research/silence_2.0.going_global.pdf
 author: Alina Stepchenkova, Group-IB, oscd.community
 date: 2019/11/01
-modified: 2022/10/05
+modified: 2023/04/03
 tags:
     - attack.execution
     - attack.t1059.001
@@ -19,7 +19,7 @@ tags:
     - attack.s0363
 logsource:
     product: windows
-    service: powershell
+    category: ps_script
     definition: 'Requirements: Script Block Logging must be enabled'
 detection:
     empire: