From c4d8be378083ea6fbd1a0bf7cb78772149b4e198 Mon Sep 17 00:00:00 2001
From: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
Date: Thu, 9 Feb 2023 16:06:09 +0100
Subject: [PATCH] fix: duplicate titles
---
 ...ion_win_office_outlook_enable_unsafe_client_mail_rules.yml | 4 ++--
 ...reation_win_office_outlook_susp_child_processes_remote.yml | 2 +-
 ...try_set_office_outlook_enable_unsafe_client_mail_rules.yml | 3 ++-
 3 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/rules/windows/process_creation/proc_creation_win_office_outlook_enable_unsafe_client_mail_rules.yml b/rules/windows/process_creation/proc_creation_win_office_outlook_enable_unsafe_client_mail_rules.yml
index 8b9556969..1b47fe697 100644
--- a/rules/windows/process_creation/proc_creation_win_office_outlook_enable_unsafe_client_mail_rules.yml
+++ b/rules/windows/process_creation/proc_creation_win_office_outlook_enable_unsafe_client_mail_rules.yml
@@ -1,4 +1,4 @@
-title: Suspicious Outlook Remote Child Process
+title: Outlook EnableUnsafeClientMailRules Setting Enabled
 id: 55f0a3a1-846e-40eb-8273-677371b8d912
 related:
 - id: 6763c6c8-bd01-4687-bc8d-4fa52cf8ba08 # Registry variation
@@ -9,7 +9,7 @@ references:
 - https://www.fireeye.com/blog/threat-research/2018/12/overruled-containing-a-potentially-destructive-adversary.html
 - https://speakerdeck.com/heirhabarov/hunting-for-persistence-via-microsoft-exchange-server-or-outlook?slide=44
 - https://support.microsoft.com/en-us/topic/how-to-control-the-rule-actions-to-start-an-application-or-run-a-macro-in-outlook-2016-and-outlook-2013-e4964b72-173c-959d-5d7b-ead562979048
-author: Markus Neis
+author: Markus Neis, Nasreddine Bencherchali (Nextron Systems)
 date: 2018/12/27
 modified: 2023/02/09
 tags:
diff --git a/rules/windows/process_creation/proc_creation_win_office_outlook_susp_child_processes_remote.yml b/rules/windows/process_creation/proc_creation_win_office_outlook_susp_child_processes_remote.yml
index 2840ab1a7..32d888937 100644
--- a/rules/windows/process_creation/proc_creation_win_office_outlook_susp_child_processes_remote.yml
+++ b/rules/windows/process_creation/proc_creation_win_office_outlook_susp_child_processes_remote.yml
@@ -9,7 +9,7 @@ references:
 - https://github.com/sensepost/ruler
 - https://www.fireeye.com/blog/threat-research/2018/12/overruled-containing-a-potentially-destructive-adversary.html
 - https://speakerdeck.com/heirhabarov/hunting-for-persistence-via-microsoft-exchange-server-or-outlook?slide=49
-author: Markus Neis
+author: Markus Neis, Nasreddine Bencherchali (Nextron Systems)
 date: 2018/12/27
 modified: 2023/02/09
 tags:
diff --git a/rules/windows/registry/registry_set/registry_set_office_outlook_enable_unsafe_client_mail_rules.yml b/rules/windows/registry/registry_set/registry_set_office_outlook_enable_unsafe_client_mail_rules.yml
index f20725ead..257597d58 100644
--- a/rules/windows/registry/registry_set/registry_set_office_outlook_enable_unsafe_client_mail_rules.yml
+++ b/rules/windows/registry/registry_set/registry_set_office_outlook_enable_unsafe_client_mail_rules.yml
@@ -1,4 +1,4 @@
-title: Outlook Security EnableUnsafeClientMailRules Setting Enabled
+title: Outlook EnableUnsafeClientMailRules Setting Enabled - Registry
 id: 6763c6c8-bd01-4687-bc8d-4fa52cf8ba08
 related:
 - id: c3cefdf4-6703-4e1c-bad8-bf422fc5015a
@@ -12,6 +12,7 @@ references:
 - https://speakerdeck.com/heirhabarov/hunting-for-persistence-via-microsoft-exchange-server-or-outlook?slide=44
 author: Nasreddine Bencherchali (Nextron Systems)
 date: 2023/02/08
+modified: 2023/02/09
 tags:
 - attack.defense_evasion
 - attack.t1112
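Review bot: The `related` entry kept as context in the first hunk of registry_set_office_outlook_enable_unsafe_client_mail_rules.yml points at `c3cefdf4-6703-4e1c-bad8-bf422fc5015a`, while the process-creation rule retitled in this same commit has id `55f0a3a1-846e-40eb-8273-677371b8d912` and lists `6763c6c8-bd01-4687-bc8d-4fa52cf8ba08` as its registry variation. `c3cefdf4-…` may belong to a rule not shown in this patch, but if these two rules are meant to be a pair the link is one-way, and an analyst starting from the registry alert is not led to the process-creation variant. Since the commit is about telling the two rules apart, consider adding `- id: 55f0a3a1-846e-40eb-8273-677371b8d912 # Process creation variation` under `related:`, with the same `type` the existing entry uses. The rest of the `related` block lies outside the hunk, so the existing entry's `type` should be checked there.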