Added missed changes in win_net_ntlm_downgrade and merged duplicate rules

rules/windows/builtin/win_net_ntlm_downgrade.yml

@@ -50,4 +50,4 @@ detection:
     condition: selection
 falsepositives:
     - Unknown
-level: critical
+level: critical

rules/windows/process_creation/win_susp_finger.yml

@@ -1,23 +0,0 @@
-title: Suspicious Use Finger.exe
-id: 248f5697-2f46-4005-9bb6-b4fc643332a9
-status: experimental
-description: finger.exe for data exfiltration or download file
-references:
-    - http://hyp3rlinx.altervista.org/advisories/Windows_TCPIP_Finger_Command_C2_Channel_and_Bypassing_Security_Software.txt
-author: omkar72, oscd.community
-date: 2020/10/11
-tags:
-    - attack.defense_evasion
-    - attack.t1218
-    - attack.command_and_control
-    - attack.t1071
-logsource:
-    category: process_creation
-    product: windows
-detection:
-    selection:
-        Image|endswith: '\finger.exe'
-    condition: selection
-falsepositives:
-    - Unknown
-level: medium

rules/windows/process_creation/win_webshell_detection.yml

@@ -2,7 +2,7 @@ title: Webshell Detection With Command Line Keywords
 id: bed2a484-9348-4143-8a8a-b801c979301c
 description: Detects certain command line parameters often used during reconnaissance activity via web shells
 author: Florian Roth, Jonhnathan Ribeiro, Anton Kutepov, oscd.community
-reference:
+references:
     - https://www.fireeye.com/blog/threat-research/2013/08/breaking-down-the-china-chopper-web-shell-part-ii.html
     - https://unit42.paloaltonetworks.com/bumblebee-webshell-xhunt-campaign/
 date: 2017/01/01