Merge pull request #3474 from SigmaHQ/aurora-false-positive-fixing

fix: schtasks in suspicious parents rule

rules/windows/process_creation/proc_creation_win_susp_parents.yml

@@ -7,7 +7,7 @@ references:
    - https://svch0st.medium.com/stats-from-hunting-cobalt-strike-beacons-c17e56255f9b
 author: Florian Roth
 date: 2022/03/21
-modified: 2022/07/08
+modified: 2022/09/08
 logsource:
    category: process_creation
    product: windows
@@ -21,7 +21,7 @@ detection:
       ParentImage|endswith:
          - '\csrss.exe'
          - '\certutil.exe'
-         - '\schtasks.exe'
+         # - '\schtasks.exe'
          - '\eventvwr.exe'
          - '\calc.exe'
          - '\notepad.exe'