From 8d7152d48973d46737db7aab22bb59dc78e09442 Mon Sep 17 00:00:00 2001
From: svch0stz <8684257+svch0stz@users.noreply.github.com>
Date: Fri, 9 Oct 2020 12:55:37 +1100
Subject: [PATCH] Update win_root_certificate_installed.yml

---
 rules/windows/builtin/win_root_certificate_installed.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/rules/windows/builtin/win_root_certificate_installed.yml b/rules/windows/builtin/win_root_certificate_installed.yml
index 94a711265..3d44236f2 100644
--- a/rules/windows/builtin/win_root_certificate_installed.yml
+++ b/rules/windows/builtin/win_root_certificate_installed.yml
@@ -42,6 +42,7 @@ detection:
 ---
 action: repeat
 logsource:
+    category: process_creation
     product: windows
     service: security
 detection: