Update proc_creation_win_webshell_spawn.yml

Example pulled from ManageEngine below:

Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
ParentImage: C:\Program Files\ManageEngine\SupportCenterPlus\jre\bin\java.exe
ParentCommandline: "..\jre\bin\java" -Dcatalina.home=.. -Dserver.home=.. -Dserver.stats=1000  <snip>
svch0stz
2022-05-15 14:57:21 +10:00
committed by GitHub
parent b90562f6ee
commit 3ec531979a
@@ -2,7 +2,7 @@ title: Shells Spawned by Web Servers
id: 8202070f-edeb-4d31-a010-a26c72ac5600
status: test
description: Web servers that spawn shell processes could be the result of a successfully placed web shell or an other attack
author: Thomas Patzke, Florian Roth
author: Thomas Patzke, Florian Roth, Zach Stanford @svch0st
date: 2019/01/16
modified: 2022/03/17
tags:
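Review bot: the `modified:` field in this header hunk still reads 2022/03/17 although the commit is dated 2022-05-15 and changes the detection logic; bump it to the commit date so consumers that track rule revisions by that field pick up the change. While this header is being touched, "an other attack" in the `description:` line could be corrected to "another attack".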
@@ -34,9 +34,10 @@ detection:
ParentImage|endswith:
- '\java.exe'
- '\javaw.exe'
CommandLine|contains:
ParentCommandLine|contains:
- 'catalina.jar'
- 'CATALINA_HOME'
- 'catalina.home'
anomaly_children:
Image|endswith:
- '\cmd.exe'
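Review bot: the reason for matching the Tomcat markers with `ParentCommandLine|contains` under the `\java.exe` / `\javaw.exe` parent selection is documented only in the commit message, not in the rule. Add a short YAML comment above the list saying that the markers (for example `-Dcatalina.home=..` in the ManageEngine sample) appear on the parent Java process rather than on the spawned shell. This selection also now depends on the log source supplying the ParentCommandLine field, so the rule's description or notes should say so, since events without that field will no longer match this branch.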