Merge branch 'rule-devel' of https://github.com/SigmaHQ/sigma into rule-devel

rules/windows/process_creation/win_procdump.yml

@@ -1,5 +1,5 @@
 title: Procdump Usage
-id: 03795938-1387-481b-9f4c-3f6241e604fe
+id: 2e65275c-8288-4ab4-aeb7-6274f58b6b20
 description: Detects uses of the SysInternals Procdump utility
 status: experimental
 references:

rules/windows/process_creation/win_susp_procdump.yml

@@ -16,11 +16,11 @@ logsource:
     product: windows
 detection:
     selection:
-        CommandLine|contains:
+        CommandLine|contains|all:
             - ' -ma '
             - ' -accepteula '
     condition: selection
 falsepositives:
     - Another tool that uses the command line switches of Procdump
     - Legitimate use of procdump by a developer or administrator
-level: high
+level: high