From f3abef8b5fa24515439604abb44c26e9babc544f Mon Sep 17 00:00:00 2001
From: Florian Roth
Date: Thu, 24 Mar 2022 11:34:00 +0100
Subject: [PATCH] fix: indentation
---
 .../proc_creation_win_susp_powershell_download_cradles.yml | 4 ++--
 .../proc_creation_win_susp_powershell_download_iex.yml | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/rules/windows/process_creation/proc_creation_win_susp_powershell_download_cradles.yml b/rules/windows/process_creation/proc_creation_win_susp_powershell_download_cradles.yml
index eb0489af1..3082a3280 100644
--- a/rules/windows/process_creation/proc_creation_win_susp_powershell_download_cradles.yml
+++ b/rules/windows/process_creation/proc_creation_win_susp_powershell_download_cradles.yml
@@ -7,8 +7,8 @@ date: 2022/03/24
 references:
 - https://github.com/VirtualAlllocEx/Payload-Download-Cradles/blob/main/Download-Cradles.cmd
 logsource:
-product: windows
-category: process_creation
+ product: windows
+ category: process_creation
 detection:
 selection:
 # Marker
diff --git a/rules/windows/process_creation/proc_creation_win_susp_powershell_download_iex.yml b/rules/windows/process_creation/proc_creation_win_susp_powershell_download_iex.yml
index 6ee143d78..01a5d70cd 100644
--- a/rules/windows/process_creation/proc_creation_win_susp_powershell_download_iex.yml
+++ b/rules/windows/process_creation/proc_creation_win_susp_powershell_download_iex.yml
@@ -7,8 +7,8 @@ date: 2022/03/24
 references:
 - https://github.com/VirtualAlllocEx/Payload-Download-Cradles/blob/main/Download-Cradles.cmd
 logsource:
-product: windows
-category: process_creation
+ product: windows
+ category: process_creation
 detection:
 selection:
 CommandLine|contains: