From 9504a5a7a70259d94b4ec4c19fafcccf76632d04 Mon Sep 17 00:00:00 2001
From: swachchhanda <logpoint-admin@NP-RTI-MBP-01.local>
Date: Thu, 20 Apr 2023 17:31:26 +0545
Subject: [PATCH] mend

removed system_integrity
---
 ...creation_win_schtasks_schedule_via_masqueraded_xml_file.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/rules/windows/process_creation/proc_creation_win_schtasks_schedule_via_masqueraded_xml_file.yml b/rules/windows/process_creation/proc_creation_win_schtasks_schedule_via_masqueraded_xml_file.yml
index e5fa4468c..9cfc16707 100644
--- a/rules/windows/process_creation/proc_creation_win_schtasks_schedule_via_masqueraded_xml_file.yml
+++ b/rules/windows/process_creation/proc_creation_win_schtasks_schedule_via_masqueraded_xml_file.yml
@@ -32,8 +32,7 @@ detection:
         CommandLine|contains:
             - '.xml'
     filter_2:
-        system_integrity:
-            IntegrityLevel: 'System'
+        IntegrityLevel: 'System'
     filter_3:
         ParentImage|contains:
             - ':\ProgramData\OEM\UpgradeTool\CareCenter_*\BUnzip\Setup_msi.exe'