From ab60fdcef471fc0360b7c561d7df4ce27d3f2dc6 Mon Sep 17 00:00:00 2001
From: Vasiliy Burov
Date: Thu, 29 Oct 2020 23:38:22 +0300
Subject: [PATCH] Update win_susp_multiple_files_renamed_or_deleted.yml
---
 .../file_event/win_susp_multiple_files_renamed_or_deleted.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/rules/windows/file_event/win_susp_multiple_files_renamed_or_deleted.yml b/rules/windows/file_event/win_susp_multiple_files_renamed_or_deleted.yml
index 5670c4c31..488512208 100644
--- a/rules/windows/file_event/win_susp_multiple_files_renamed_or_deleted.yml
+++ b/rules/windows/file_event/win_susp_multiple_files_renamed_or_deleted.yml
@@ -22,6 +22,6 @@ detection:
 timeframe: 30s
 condition: selection | count() by SubjectLogonId > 10
 falsepositives:
- - software uninstallation
- - files restore activities
+ - Software uninstallation
+ - Files restore activities
 level: high
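Review bot: The second added entry, `- Files restore activities`, is still awkward after the capitalisation fix; `- File restore activities` reads better and matches the singular form of the first entry. The rule is rated `level: high` and the visible condition fires on more than 10 events per `SubjectLogonId` within `timeframe: 30s`, so the two-item `falsepositives` list is probably too short for triage. If the selection (outside this hunk) also matches ordinary bulk file operations, consider listing them here so analysts know what to rule out first. The `detection` block starts before the hunk, so the selection itself cannot be checked from here.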