Merge pull request #1890 from frack113/update_conti_ref

update ref from conti_leak

rules/windows/builtin/win_software_discovery.yml

@@ -7,6 +7,7 @@ author: Nikita Nazarov, oscd.community
 date: 2020/10/16
 references:
     - https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1518/T1518.md
+    - https://github.com/harleyQu1nn/AggressorScripts #AVQuery.cna
 tags:
     - attack.discovery
     - attack.t1518
@@ -19,6 +20,7 @@ detection:
 logsource:
     product: windows
     service: powershell
+    definition: 'Script block logging must be enabled'
 detection:
     selection:
         EventID: 4104