From 7cbfc7f16a40ad4dc8600d187d89d3adfe1fbfc2 Mon Sep 17 00:00:00 2001 From: phantinuss <79651203+phantinuss@users.noreply.github.com> Date: Wed, 6 Apr 2022 16:37:04 +0200 Subject: [PATCH] fix: remove . from title --- rules/cloud/azure/azure_keyvault_modified_or_deleted.yml | 4 ++-- .../gcp/gcp_dlp_re_identifies_sensitive_information.yml | 4 ++-- .../win_new_or_renamed_user_account_with_dollar_sign.yml | 6 +++--- .../sysmon_powershell_code_injection.yml | 2 +- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/rules/cloud/azure/azure_keyvault_modified_or_deleted.yml b/rules/cloud/azure/azure_keyvault_modified_or_deleted.yml index d50c76cc4..cc596dcbf 100644 --- a/rules/cloud/azure/azure_keyvault_modified_or_deleted.yml +++ b/rules/cloud/azure/azure_keyvault_modified_or_deleted.yml @@ -1,4 +1,4 @@ -title: Azure Key Vault Modified or Deleted. +title: Azure Key Vault Modified or Deleted id: 459a2970-bb84-4e6a-a32e-ff0fbd99448d description: Identifies when a key vault is modified or deleted. author: Austin Songer @austinsonger @@ -11,7 +11,7 @@ logsource: service: activitylogs detection: selection: - properties.message: + properties.message: - MICROSOFT.KEYVAULT/VAULTS/WRITE - MICROSOFT.KEYVAULT/VAULTS/DELETE - MICROSOFT.KEYVAULT/VAULTS/DEPLOY/ACTION diff --git a/rules/cloud/gcp/gcp_dlp_re_identifies_sensitive_information.yml b/rules/cloud/gcp/gcp_dlp_re_identifies_sensitive_information.yml index 8ee23cf0c..7457bc91f 100644 --- a/rules/cloud/gcp/gcp_dlp_re_identifies_sensitive_information.yml +++ b/rules/cloud/gcp/gcp_dlp_re_identifies_sensitive_information.yml 
@@ -1,6 +1,6 @@ -title: Google Cloud Re-identifies Sensitive Information. +title: Google Cloud Re-identifies Sensitive Information id: 234f9f48-904b-4736-a34c-55d23919e4b7 -description: Identifies when sensitive information is re-identified in google Cloud. +description: Identifies when sensitive information is re-identified in google Cloud. author: Austin Songer @austinsonger status: experimental date: 2021/08/15 diff --git a/rules/windows/builtin/security/win_new_or_renamed_user_account_with_dollar_sign.yml b/rules/windows/builtin/security/win_new_or_renamed_user_account_with_dollar_sign.yml index 1b7ae7105..3a1aeaa23 100644 --- a/rules/windows/builtin/security/win_new_or_renamed_user_account_with_dollar_sign.yml +++ b/rules/windows/builtin/security/win_new_or_renamed_user_account_with_dollar_sign.yml @@ -1,4 +1,4 @@ -title: New or Renamed User Account with '$' in Attribute 'SamAccountName'. +title: New or Renamed User Account with '$' in Attribute 'SamAccountName' id: cfeed607-6aa4-4bbd-9627-b637deb723c8 status: experimental description: Detects possible bypass EDR and SIEM via abnormal user account name. @@ -13,10 +13,10 @@ logsource: service: security detection: selection: - EventID: + EventID: - 4720 # create user - 4781 # rename user - SamAccountName|contains: '$' + SamAccountName|contains: '$' condition: selection fields: - EventID diff --git a/rules/windows/create_remote_thread/sysmon_powershell_code_injection.yml b/rules/windows/create_remote_thread/sysmon_powershell_code_injection.yml index 3289b67ec..84ab9d39e 100644 --- a/rules/windows/create_remote_thread/sysmon_powershell_code_injection.yml +++ b/rules/windows/create_remote_thread/sysmon_powershell_code_injection.yml @@ -1,4 +1,4 @@ -title: Accessing WinAPI in PowerShell. Code Injection. +title: Accessing WinAPI in PowerShell. Code Injection id: eeb2e3dc-c1f4-40dd-9bd5-149ee465ad50 status: test description: Detecting Code injection with PowerShell in another process
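Review bot: The rewritten description line still reads `re-identified in google Cloud.` with a lowercase product name, while the title on the line above now says `Google Cloud Re-identifies Sensitive Information`; the old and new description text look identical in this rendering, so the change there is presumably whitespace-only, and since the line is touched anyway it would be worth making the two consistent: `description: Identifies when sensitive information is re-identified in Google Cloud.` The hunk covers only the first six lines of the rule, so the logsource and detection sections are outside it.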
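Review bot: The new title `Accessing WinAPI in PowerShell. Code Injection` keeps a sentence-style period in the middle, so the commit's aim of removing period punctuation from titles is only partly applied to this rule; the other three titles in the patch end up as a single clause. A separator that does not read as sentence punctuation is clearer in rule listings and index pages, e.g. `title: Accessing WinAPI in PowerShell - Code Injection`. The hunk shows only the first four lines of the rule; its detection block is outside the hunk.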