docs: reworked rule

rules/windows/etw/file_access/file_access_win_browser_credential_stealing.yml

@@ -1,11 +1,14 @@
-title: Browser Credential Stealing
+title: Browser Credential Store Access
 id: 91cb43db-302a-47e3-b3c8-7ede481e27bf
 status: experimental
-description: Steals cookies and credentials from the user
+description: Detects suspicious processes based on name and location that access the browser credential stores which can be the sign of credential stealing
 references:
     - https://www.zscaler.com/blogs/security-research/ffdroider-stealer-targeting-social-media-platform-users
 author: frack113
 date: 2022/04/09
+tags:
+    - attack.t1003
+    - attack.credential_access
 logsource:
     category: file_access
     product: windows
@@ -34,9 +37,6 @@ detection:
         TargetFilename|endswith: '\APPDATA\LOCAL\MICROSOFT\WINDOWS\WEBCACHE\WEBCACHEV01.DAT'
     condition: selection and not 1 of filter_*
 falsepositives:
-    - Very Probably
     - Antivirus, Anti-Spyware, Anti-Malware Software
+    - Backup software
 level: medium
-tags:
-    - attack.t1003
-    - attack.credential_access