Update proc_creation_win_susp_calc.yml

2022-08-04 19:36:07 +01:00
parent be40827c9b
commit 751fbd7a2e
1 changed files with 4 additions and 4 deletions
@@ -19,10 +19,10 @@ detection:
            - 'C:\Windows\System32\'
            - 'C:\Windows\SysWOW64\'
            - 'C:\Windows\WinSxS\'
-    condition: selection not filter
+    condition: selection and not filter
 falsepositives:
-  - Unknown
+    - Unknown
 level: high
 tags:
-  - attack.defense_evasion
-  - attack.t1036
+    - attack.defense_evasion
+    - attack.t1036