From a60a2feb178dac6834abddb90a2519fc87b02db9 Mon Sep 17 00:00:00 2001
From: G Y <35021368+leegengyu@users.noreply.github.com>
Date: Sun, 4 Jul 2021 10:38:53 +0800
Subject: [PATCH] Update sysmon_susp_pfx_file_creation.yml Fixed typo.
---
 rules/windows/file_event/sysmon_susp_pfx_file_creation.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/rules/windows/file_event/sysmon_susp_pfx_file_creation.yml b/rules/windows/file_event/sysmon_susp_pfx_file_creation.yml
index e9e962736..8c010b15d 100644
--- a/rules/windows/file_event/sysmon_susp_pfx_file_creation.yml
+++ b/rules/windows/file_event/sysmon_susp_pfx_file_creation.yml
@@ -1,6 +1,6 @@
 title: Suspicious PFX File Creation
 id: dca1b3e8-e043-4ec8-85d7-867f334b5724
-description: A General detection for processes creating PFX files. This could be an inidicator of an adversary exporting a local certificate to a pfx file.
+description: A general detection for processes creating PFX files. This could be an indicator of an adversary exporting a local certificate to a PFX file.
 status: experimental
 date: 2020/05/02
 author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research)
@@ -18,5 +18,5 @@ detection:
 TargetFilename|endswith: '.pfx'
 condition: selection
 falsepositives:
- - unknown
-level: medium
\ No newline at end of file
+ - System administrators managing certififcates.
+level: medium
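Review bot: The false-positive entry added in the second hunk misspells "certificates" as `certififcates`; the line should read `- System administrators managing certificates.`, indented like the entry it replaces. Legitimate certificate export is now named as a false-positive source, yet the visible selection keys only on `TargetFilename|endswith: '.pfx'` under `condition: selection`, so routine administrative exports will still alert at `level: medium`. A short triage hint in the entry would help, for example `- System administrators managing certificates (verify the creating process and user against approved certificate-management activity).` The detection block starts above this hunk, so any additional selection fields or filters are not visible here.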