From 97dacc4ffc3fd96341c9e65a8fa238bc313bc2f7 Mon Sep 17 00:00:00 2001
From: Florian Roth <venom14@gmail.com>
Date: Sun, 6 Feb 2022 14:17:38 +0100
Subject: [PATCH] refactor: increased level to medium

---
 .../powershell/powershell_script/posh_ps_get_adreplaccount.yml  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rules/windows/powershell/powershell_script/posh_ps_get_adreplaccount.yml b/rules/windows/powershell/powershell_script/posh_ps_get_adreplaccount.yml
index 978e75bf6..2518b05ed 100644
--- a/rules/windows/powershell/powershell_script/posh_ps_get_adreplaccount.yml
+++ b/rules/windows/powershell/powershell_script/posh_ps_get_adreplaccount.yml
@@ -22,7 +22,7 @@ detection:
     condition: selection
 falsepositives:
     - Legitimate PowerShell scripts
-level: low
+level: medium
 tags:
     - attack.credential_access
     - attack.t1003.006