From d14c26f5f19cedea457cbcdabc9bb1ff4800885b Mon Sep 17 00:00:00 2001
From: Cyb3rEng <88643791+Cyb3rEng@users.noreply.github.com>
Date: Thu, 9 Sep 2021 21:33:36 -0600
Subject: [PATCH] Resolved more issues from last commit as per comments

Added the following fixes to text inside the rule:
date
attack.defense_evasion
added custome id
---
 ...creation_by_Office_applications_using_file_extentions.yml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/rules/windows/sysmon/Monitor_executable_and_script_files_creation_by_Office_applications_using_file_extentions.yml b/rules/windows/sysmon/Monitor_executable_and_script_files_creation_by_Office_applications_using_file_extentions.yml
index 55229ae7d..01a3bfa45 100644
--- a/rules/windows/sysmon/Monitor_executable_and_script_files_creation_by_Office_applications_using_file_extentions.yml
+++ b/rules/windows/sysmon/Monitor_executable_and_script_files_creation_by_Office_applications_using_file_extentions.yml
@@ -1,4 +1,5 @@
 title: Created Executables and Files by Office Applications
+id: c7a74c80-ba5a-486e-9974-ab9e682bc5e4
 description: This rule will monitor executable and script file creation by office applications. Please add more file extentions or magic bytes to the logic of your choice.  
 references:
     - https://thedfirreport.com/2021/03/29/sodinokibi-aka-revil-ransomware/
@@ -9,9 +10,9 @@ tags:
     - attack.t1047
     - attack.t1218.010
     - attack.execution
-    - attack.defence_evasion
+    - attack.defense_evasion
 status: experimental
-Date: 2021/08/23
+date: 2021/08/23
 logsource:
   product: Windows
   category: file_event