From c533f8fcf2849e7ada6e37ae0a963fe68c162cbb Mon Sep 17 00:00:00 2001
From: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
Date: Mon, 27 Feb 2023 11:37:52 +0100
Subject: [PATCH] fix: typos and title

---
 .../firewall_as/win_firewall_as_add_rule_susp_folder.yml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/rules/windows/builtin/firewall_as/win_firewall_as_add_rule_susp_folder.yml b/rules/windows/builtin/firewall_as/win_firewall_as_add_rule_susp_folder.yml
index d3b93bcb7..69e4ccaef 100644
--- a/rules/windows/builtin/firewall_as/win_firewall_as_add_rule_susp_folder.yml
+++ b/rules/windows/builtin/firewall_as/win_firewall_as_add_rule_susp_folder.yml
@@ -1,10 +1,10 @@
-title: New Firewall Rule Added For Suspicius Folder
+title: New Firewall Exception Rule Added For A Suspicious Folder
 id: 9e2575e7-2cb9-4da1-adc8-ed94221dca5e
 related:
 - id: cde0a575-7d3d-4a49-9817-b8004a7bf105
 type: derived
 status: experimental
-description: Detects when a rule has been added to the Windows Firewall exception list for a suspicius folder
+description: Detects the addition of a rule to the Windows Firewall exception list where the application resides in a suspicious folder
 references:
 - https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/dd364427(v=ws.10)
 - https://app.any.run/tasks/7123e948-c91e-49e0-a813-00e8d72ab393/#
@@ -22,4 +22,6 @@ detection:
 filter_block:
 Action: 2
 condition: selection and not 1 of filter_*
+falsepositives:
+ - Unknown
 level: high
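Review bot: The new `falsepositives:` entry in the second hunk is only `- Unknown`, which next to `level: high` and `status: experimental` leaves an analyst with no triage guidance for a high-severity alert. The selection that defines the suspicious folders is in the `detection:` block that starts outside this hunk, so this is inferred: if it matches user-writable paths, software installed per-user that registers its own allow rule is a likely benign source. I would document that, e.g. `- Legitimate software installed in a user-writable folder that adds its own firewall rule`, or keep `Unknown` and hold the level lower until the rule has been baselined.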