From a4adfe96bd1aa45ea6fa7f67ccafe31d39c8346d Mon Sep 17 00:00:00 2001
From: phantinuss <79651203+phantinuss@users.noreply.github.com>
Date: Mon, 7 Mar 2022 11:20:34 +0100
Subject: [PATCH] chore: increase status to stable

---
 .../process_creation/proc_creation_win_susp_procdump_lsass.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rules/windows/process_creation/proc_creation_win_susp_procdump_lsass.yml b/rules/windows/process_creation/proc_creation_win_susp_procdump_lsass.yml
index 8efcfe570..cbfb16323 100644
--- a/rules/windows/process_creation/proc_creation_win_susp_procdump_lsass.yml
+++ b/rules/windows/process_creation/proc_creation_win_susp_procdump_lsass.yml
@@ -1,7 +1,7 @@
 title: Suspicious Use of Procdump on LSASS
 id: 5afee48e-67dd-4e03-a783-f74259dcf998
 description: Detects suspicious uses of the SysInternals Procdump utility by using a special command line parameter in combination with the lsass.exe process. This way we're also able to catch cases in which the attacker has renamed the procdump executable.
-status: experimental
+status: stable
 references:
 - Internal Research
 author: Florian Roth