Updated Rule

Completed the following updates on the rule:
- Modified the title
- incremented 4 spaces for references and tags
- updated false positives
- updated author
- updated description in detection section.

rules/windows/process_creation/Monitor_WMI_Win32_Process Create_command_execution_by_Office_Applications.yml

@@ -1,22 +1,22 @@
-title: Monitor WMI "Win32_Process::Create" command execution by Office Applications.
-description: Initial execution of malicious document calls wmic to execute the file with regsvr32
+title: WMI Command Execution by Office Applications
+description: Initial execution of malicious document calls wmic Win32_Process::Create to execute the file with regsvr32
 references:
-- https://thedfirreport.com/2021/03/29/sodinokibi-aka-revil-ransomware/
-- https://github.com/vadim-hunter/Detection-Ideas-Rules/blob/main/Threat%20Intelligence/The%20DFIR%20Report/20210329_Sodinokibi_(aka_REvil)_Ransomware.yaml
-author: "Idea by: Vadim Khrykov"
+    - https://thedfirreport.com/2021/03/29/sodinokibi-aka-revil-ransomware/
+    - https://github.com/vadim-hunter/Detection-Ideas-Rules/blob/main/Threat%20Intelligence/The%20DFIR%20Report/20210329_Sodinokibi_(aka_REvil)_Ransomware.yaml
+author: "Vadim Khrykov (ThreatIntel), Cyb3rEng (Rule)"
 tags:
-- attack.t1204.002
-- attack.t1047
-- attack.t1218.010
-- attack.execution
-- attack.defence_evasion
+    - attack.t1204.002
+    - attack.t1047
+    - attack.t1218.010
+    - attack.execution
+    - attack.defence_evasion
 status: experimental
 Date: 2021/23/8
 logsource:
   product: EndPoint Detection Logs
   category: process_creation
 detection:
-  description: Add more office applications to the rule logic of choice
+  #useful_information: Add more office applications to the rule logic of choice
   selection1:
     EventLog: EDR
     EventType: WMIExecution
@@ -28,5 +28,5 @@ detection:
       - '*\powerpnt.exe'
   condition: selection1 AND selection2
 falsepositives:
-- ""
-level: high
+- Unknown
+level: high