Merge pull request #3929 from phantinuss/master

fix: FP found in testing

rules/windows/powershell/powershell_script/posh_ps_nishang_malicious_commandlets.yml

@@ -6,7 +6,7 @@ references:
     - https://github.com/samratashok/nishang
 author: Alec Costello
 date: 2019/05/16
-modified: 2023/01/09
+modified: 2023/01/16
 tags:
     - attack.execution
     - attack.t1059.001
@@ -43,7 +43,7 @@ detection:
             - 'FakeDC'
             - 'FireBuster'
             - 'FireListener'
-            - 'Get-Information'
+            - 'Get-Information ' # Space at the end is required. Otherwise, we get FP with Get-InformationBarrierReportDetails or Get-InformationBarrierReportSummary
             #- 'Get-PassHashes' # Covered in 89819aa4-bbd6-46bc-88ec-c7f7fe30efa6
             - 'Get-PassHints'
             - 'Get-Web-Credentials'