From cecabddac36d6f35c230d0b95eace8eae8e93041 Mon Sep 17 00:00:00 2001
From: frack113 <62423083+frack113@users.noreply.github.com>
Date: Mon, 9 Aug 2021 08:28:42 +0200
Subject: [PATCH] formatting falsepositives

---
 .../azure_kubernetes_rolebinding_modified_or_deleted.yml     | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/rules/cloud/azure_kubernetes_rolebinding_modified_or_deleted.yml b/rules/cloud/azure_kubernetes_rolebinding_modified_or_deleted.yml
index f805aadf5..8ab5492ea 100644
--- a/rules/cloud/azure_kubernetes_rolebinding_modified_or_deleted.yml
+++ b/rules/cloud/azure_kubernetes_rolebinding_modified_or_deleted.yml
@@ -25,7 +25,6 @@ tags:
     - attack.impact
     - attack.credential_access
 falsepositives:
- - RoleBinding/ClusterRoleBinding being modified and deleted may be performed by a system administrator. Verify whether the user identity, user agent, and/or hostname should be making changes in your environment. RoleBinding/ClusterRoleBinding modification from unfamiliar users should be investigated. If known behavior is causing false positives, it can be exempted from the rule.
-
-
+ - RoleBinding/ClusterRoleBinding being modified and deleted may be performed by a system administrator. Verify whether the user identity, user agent, and/or hostname should be making changes in your environment. 
+ - RoleBinding/ClusterRoleBinding modification from unfamiliar users should be investigated. If known behavior is causing false positives, it can be exempted from the rule.