From cc7aebe9b6e90e124cfa242ec8196dbf2bb5d466 Mon Sep 17 00:00:00 2001
From: yugoslavskiy
Date: Tue, 5 Nov 2019 04:42:53 +0300
Subject: [PATCH] Update win_service_execution.yml
---
 rules/windows/process_creation/win_service_execution.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rules/windows/process_creation/win_service_execution.yml b/rules/windows/process_creation/win_service_execution.yml
index cf8fcfe3c..830e15fac 100644
--- a/rules/windows/process_creation/win_service_execution.yml
+++ b/rules/windows/process_creation/win_service_execution.yml
@@ -17,7 +17,7 @@ detection:
 - '*\net.exe'
 - '*\net1.exe'
 CommandLine|re: '.*start.*[a-zA-Z0-9]' # search for a service name after 'net start', avoiding intersection with "service discovery" technique detection rules
- condition: selection
+ condition: selection
 falsepositives:
 - Legitimate administrator or user executes a service for legitimate reason
 level: low