From b2ce10ea2abac74f484d9359df92cbf28f3c70b1 Mon Sep 17 00:00:00 2001
From: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
Date: Tue, 21 Jun 2022 15:36:21 +0100
Subject: [PATCH] Update proc_creation_win_lolbin_findstr.yml
---
 .../process_creation/proc_creation_win_lolbin_findstr.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rules/windows/process_creation/proc_creation_win_lolbin_findstr.yml b/rules/windows/process_creation/proc_creation_win_lolbin_findstr.yml
index 47e0aba3f..050c8db1a 100644
--- a/rules/windows/process_creation/proc_creation_win_lolbin_findstr.yml
+++ b/rules/windows/process_creation/proc_creation_win_lolbin_findstr.yml
@@ -33,7 +33,7 @@ detection:
 CommandLine|contains:
 - /i
 - -i
- condition: selectionFindstr and (all of selection_cli_download* or all of selection_cli_creds*)
+ condition: selectionFindstr and (all of selection_cli_download* or all of selection_cli_creds*)
 falsepositives:
 - Administrative findstr usage
 level: medium