Update win_wmi_persistence.yml

Removed sequence of EIDs in Windows Security section.

rules/windows/other/win_wmi_persistence.yml

@@ -38,13 +38,8 @@ logsource:
     product: windows
     service: security
 detection:
-    network_logon:
-        EventID: 4624
-        LogonType: 3
-    privileges_assigned:
-        EventID: 4672
     wmi_subscription:
         EventID: 4662
         ObjectType: 'WMI Namespace'
         ObjectName|contains: 'subscription'
-    condition: network_logon and privileges_assigned and wmi_subscription
+    condition: wmi_subscription