From 391173c153f6213b169ef9d5f6faffba0ec42679 Mon Sep 17 00:00:00 2001
From: jkb <80353249+jkb-s@users.noreply.github.com>
Date: Mon, 16 Jan 2023 10:46:02 +0100
Subject: [PATCH 1/2] Correcting filepath parameter

According to Microsoft documentation, the parameter is -Filepath not -File-path.
See: https://learn.microsoft.com/en-us/powershell/module/pki/import-certificate?view=windowsserver2022-ps
---
 .../proc_creation_win_import_cert_susp_locations.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rules/windows/process_creation/proc_creation_win_import_cert_susp_locations.yml b/rules/windows/process_creation/proc_creation_win_import_cert_susp_locations.yml
index 80ab6442b..cca3a18f6 100644
--- a/rules/windows/process_creation/proc_creation_win_import_cert_susp_locations.yml
+++ b/rules/windows/process_creation/proc_creation_win_import_cert_susp_locations.yml
@@ -18,7 +18,7 @@ detection:
     selection:
         CommandLine|contains|all:
             - 'Import-Certificate'
-            - ' -File-Path '
+            - ' -FilePath '
             - 'Cert:\LocalMachine\Root'
         CommandLine|contains:
             - '\AppData\Local\Temp\'

From 09731e8547d5c528dea3fd8909119b725ab465de Mon Sep 17 00:00:00 2001
From: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
Date: Mon, 16 Jan 2023 10:50:23 +0100
Subject: [PATCH 2/2] fix: update modified date

---
 .../proc_creation_win_import_cert_susp_locations.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rules/windows/process_creation/proc_creation_win_import_cert_susp_locations.yml b/rules/windows/process_creation/proc_creation_win_import_cert_susp_locations.yml
index cca3a18f6..38c0bba81 100644
--- a/rules/windows/process_creation/proc_creation_win_import_cert_susp_locations.yml
+++ b/rules/windows/process_creation/proc_creation_win_import_cert_susp_locations.yml
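Review bot: The corrected `' -FilePath '` token on the added line still ties the rule to one exact spelling with a leading and trailing space, so the typo is fixed but the brittleness that made it miss in the first place remains: PowerShell accepts any unambiguous parameter prefix (`-File`, `-FileP`), the colon form `-FilePath:C:\...`, and — per the linked Import-Certificate docs, to be confirmed — a `FullName` alias, none of which contain `' -FilePath '`. Consider loosening the token to `- ' -File'` or dropping it altogether, since `Import-Certificate` together with `Cert:\LocalMachine\Root` and a suspicious source directory already carries the detection intent, and record the residual alias gap in the rule's description. The `selection` block and its `CommandLine|contains` list continue past the end of the hunk, and the `condition` is outside it.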
@@ -7,7 +7,7 @@ references:
     - https://docs.microsoft.com/en-us/powershell/module/pki/import-certificate?view=windowsserver2022-ps
 author: Nasreddine Bencherchali
 date: 2022/09/09
-modified: 2022/12/29
+modified: 2023/01/16
 tags:
     - attack.defense_evasion
     - attack.t1553.004