From 751fbd7a2e4f8375d6ec517ceeb4e08f62016e31 Mon Sep 17 00:00:00 2001
From: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
Date: Thu, 4 Aug 2022 19:36:07 +0100
Subject: [PATCH] Update proc_creation_win_susp_calc.yml
---
 .../process_creation/proc_creation_win_susp_calc.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/rules/windows/process_creation/proc_creation_win_susp_calc.yml b/rules/windows/process_creation/proc_creation_win_susp_calc.yml
index 7b4356ea7..9bfe793b6 100644
--- a/rules/windows/process_creation/proc_creation_win_susp_calc.yml
+++ b/rules/windows/process_creation/proc_creation_win_susp_calc.yml
@@ -19,10 +19,10 @@ detection:
 - 'C:\Windows\System32\'
 - 'C:\Windows\SysWOW64\'
 - 'C:\Windows\WinSxS\'
- condition: selection not filter
+ condition: selection and not filter
 falsepositives:
- - Unknown
+ - Unknown
 level: high
 tags:
- - attack.defense_evasion
- - attack.t1036
+ - attack.defense_evasion
+ - attack.t1036
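Review bot: The `condition` line is the only behavioural change in this hunk (the `falsepositives` and `tags` entries differ only in whitespace), yet nothing in the patch records that the detection logic changed: the subject is a generic "Update …" and, going by the diffstat, this single hunk is the whole patch, so no `modified:` field is touched. I would add `modified: 2022/08/04` to the rule metadata, which sits above line 19 and outside the hunk, and state the condition fix in the commit message. Because the previous `selection not filter` had no operator between the two identifiers, converters may have rejected the rule or handled it inconsistently, so it may effectively go live for the first time at `level: high` with `falsepositives: Unknown`; a run against baseline process-creation telemetry before rollout would confirm that the `C:\Windows\...` filter entries exclude what is intended. The filter's field name and modifier are outside the hunk, so that part could not be checked here.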