From c2c25acbb6b6cfac53decf236ff04880349b1444 Mon Sep 17 00:00:00 2001
From: Florian Roth
Date: Tue, 21 Jun 2022 17:21:55 +0200
Subject: [PATCH] docs: rules adjusted
---
 .../image_load_alternate_powershell_hosts_moduleload.yml | 2 +-
 .../proc_creation_win_susp_commandline_chars.yml | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/rules/windows/image_load/image_load_alternate_powershell_hosts_moduleload.yml b/rules/windows/image_load/image_load_alternate_powershell_hosts_moduleload.yml
index e1d86aaf6..ddd6e5490 100644
--- a/rules/windows/image_load/image_load_alternate_powershell_hosts_moduleload.yml
+++ b/rules/windows/image_load/image_load_alternate_powershell_hosts_moduleload.yml
@@ -29,4 +29,4 @@ detection:
 condition: selection and not filter
 falsepositives:
 - Unknown
-level: medium
+level: low
\ No newline at end of file
diff --git a/rules/windows/process_creation/proc_creation_win_susp_commandline_chars.yml b/rules/windows/process_creation/proc_creation_win_susp_commandline_chars.yml
index 9eb91a162..25e5f8a94 100644
--- a/rules/windows/process_creation/proc_creation_win_susp_commandline_chars.yml
+++ b/rules/windows/process_creation/proc_creation_win_susp_commandline_chars.yml
@@ -1,9 +1,9 @@
 title: Suspicious Characters in CommandLine
 id: 2c0d2d7b-30d6-4d14-9751-7b9113042ab9
 status: experimental
-description: Detects suspicious characters in the command line, which could be a sign of obfuscation
+description: Detects suspicious Unicode characters in the command line, which could be a sign of obfuscation or defense evasion
 date: 2022/04/27
-author: 'Florian Roth'
+author: Florian Roth
 references:
 - https://www.wietzebeukema.nl/blog/windows-command-line-obfuscation
 logsource:
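Review bot: In image_load_alternate_powershell_hosts_moduleload.yml the new side lowers `level` from `medium` to `low` while `falsepositives` still lists only `Unknown`, so the rule does not record why its severity was reduced. If the downgrade follows observed noise, list the benign sources under `falsepositives` so analysts and pipelines that filter on level can judge what coverage they give up. The new file also ends without a trailing newline (`\ No newline at end of file`), which should be restored. The commit subject is tagged `docs:`, yet a level change affects how the alert is triaged, so a subject that says so would make detection changes easier to audit.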
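Review bot: In proc_creation_win_susp_commandline_chars.yml the description now narrows the rule to Unicode characters, but the `title` context line still reads `Suspicious Characters in CommandLine`, so the alert title will not tell an analyst what kind of character matched. Consider `title: Suspicious Unicode Characters in CommandLine`. No `modified:` field is visible among the nine header lines of this hunk; if the file has none further down, add `modified: 2022/06/21` after `date: 2022/04/27` so rule consumers can track the revision. The rule continues past `logsource:` outside the hunk.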