Update sysmon_alternate_powershell_hosts_pipe.yml

rules/windows/pipe_created/sysmon_alternate_powershell_hosts_pipe.yml

@@ -6,7 +6,7 @@ author: Roberto Rodriguez @Cyb3rWard0g
 references:
   - https://threathunterplaybook.com/notebooks/windows/02_execution/WIN-190815181010.html
 date: 2019/09/12
-modified: 2021/12/03
+modified: 2021/12/17
 logsource:
   product: windows
   category: pipe_created
@@ -18,9 +18,10 @@ detection:
       - '\powershell.exe'
       - '\powershell_ise.exe'
       - '\WINDOWS\System32\sdiagnhost.exe'
+      - '\WINDOWS\System32\wsmprovhost.exe'
   filter2:
-    Image:
-  condition: selection and not filter1 and not filter2
+    Image: null
+  condition: selection and not 1 of filter*
 fields:
   - ComputerName
   - User