From d9a749eec03f46fbbd603b3e38f96276ef2cb57f Mon Sep 17 00:00:00 2001
From: Sittikorn S <61369934+BlackB0lt@users.noreply.github.com>
Date: Tue, 22 Jun 2021 16:35:46 +0700
Subject: [PATCH] Update and rename win_script_event_consumer_spawn to win_script_event_consumer_spawn.yml
---
 ..._event_consumer_spawn => win_script_event_consumer_spawn.yml} | 1 +
 1 file changed, 1 insertion(+)
 rename rules/windows/process_creation/{win_script_event_consumer_spawn => win_script_event_consumer_spawn.yml} (97%)
diff --git a/rules/windows/process_creation/win_script_event_consumer_spawn b/rules/windows/process_creation/win_script_event_consumer_spawn.yml
similarity index 97%
rename from rules/windows/process_creation/win_script_event_consumer_spawn
rename to rules/windows/process_creation/win_script_event_consumer_spawn.yml
index 3f7616da4..7c525990e 100644
--- a/rules/windows/process_creation/win_script_event_consumer_spawn
+++ b/rules/windows/process_creation/win_script_event_consumer_spawn.yml
@@ -28,6 +28,7 @@ detection:
 - '\mshta.exe'
 - '\rundll32.exe'
 - '\msiexec.exe'
+ - '\msbuild.exe'
 condition: selection
 fields:
 - CommandLine
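Review bot: The added `- '\msbuild.exe'` entry changes the detection logic, but the commit has only this one insertion, so the rule's metadata was left as it was. If the rule carries the usual Sigma header fields, add or update `modified: 2021/06/22` alongside this change so consumers of the rule set can tell the logic was revised. The key this list belongs to and the parent-process selection sit above the hunk, so the match type (presumably a path-suffix match on the image) cannot be confirmed from here. It would also help to state in the rule's description or `falsepositives` whether any legitimate automation is expected to launch msbuild this way.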