From 679f3d015b2b3faadb60d96fecd1b2648336f892 Mon Sep 17 00:00:00 2001
From: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
Date: Wed, 4 Jan 2023 19:11:33 +0100
Subject: [PATCH] fix: remove unnecessary space
---
rules/windows/process_creation/proc_creation_win_susp_cmd.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rules/windows/process_creation/proc_creation_win_susp_cmd.yml b/rules/windows/process_creation/proc_creation_win_susp_cmd.yml
index 976d65498..9fc743f25 100644
--- a/rules/windows/process_creation/proc_creation_win_susp_cmd.yml
+++ b/rules/windows/process_creation/proc_creation_win_susp_cmd.yml
@@ -67,9 +67,9 @@ detection: ParentImage: 'C:\Program Files (x86)\Varonis\DatAdvantage\GridCollector\VrnsRealTimeAlertsSvc.exe' Image|endswith: '\cmd.exe' filter_tenable: + # See https://github.com/SigmaHQ/sigma/pull/3869 for an example ParentImage: 'C:\Program Files\Tenable\Nessus Agent\nessus-agent-module.exe' Image|endswith: '\cmd.exe' - condition: all of selection_* and not 1 of filter_* falsepositives: - Unknown
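Review bot: The comment added under `filter_tenable:` only points to a pull request and does not say what benign activity the exclusion covers, so a reader has to leave the rule to judge it. As far as the hunk shows, the filter matches on `ParentImage` and `Image|endswith: '\cmd.exe'` alone, and the condition `not 1 of filter_*` applies it to the whole rule, so any `cmd.exe` started by that parent path is excluded. Recording the reason in place keeps the exclusion reviewable if the link ever goes away, for example `# Nessus Agent module spawning cmd.exe, example in https://github.com/SigmaHQ/sigma/pull/3869`. The `detection:` block starts above the hunk, so the selections and the other filters are not visible here.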