From f4cebfe7acbfda5f3c84cf4837bdba96a8470acc Mon Sep 17 00:00:00 2001
From: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
Date: Mon, 12 Dec 2022 10:42:34 +0100
Subject: [PATCH] fix: update title and description to reflect logic

---
 .../proc_creation_win_nslookup_poweshell_download.yml | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/rules/windows/process_creation/proc_creation_win_nslookup_poweshell_download.yml b/rules/windows/process_creation/proc_creation_win_nslookup_poweshell_download.yml
index a25ed13bc..3d3b48e65 100644
--- a/rules/windows/process_creation/proc_creation_win_nslookup_poweshell_download.yml
+++ b/rules/windows/process_creation/proc_creation_win_nslookup_poweshell_download.yml
@@ -1,11 +1,15 @@
-title: Nslookup PowerShell Download
+title: Nslookup PowerShell Download Cradle - ProcessCreation
 id: 1b3b01c7-84e9-4072-86e5-fc285a41ff23
+related:
+    - id: 72671447-4352-4413-bb91-b85569687135
+      type: obsoletes
 status: experimental
-description: Detects usage of powershell in conjunction with nslookup as a mean of download.
+description: Detects suspicious powershell download cradle using nslookup. This cradle uses nslookup to extract payloads from DNS records
 references:
     - https://twitter.com/Alh4zr3d/status/1566489367232651264
 author: Nasreddine Bencherchali
 date: 2022/09/05
+modified: 2022/12/12
 tags:
     - attack.defense_evasion
 logsource:
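Review bot: The new `related` entry declares that this rule obsoletes 72671447-4352-4413-bb91-b85569687135, but the diffstat shows only this one file changed, so the obsoleted rule apparently keeps its current status; if the repository convention is to mark a superseded rule `status: deprecated` in the same change, that file should be part of this patch, otherwise both rules will keep firing on the same events. The new description also ends without a period and asserts that the cradle "extract[s] payloads from DNS records", a claim about the detection logic that lives under `logsource`/`detection`, outside this hunk, so it cannot be checked here. Consider the wording `description: Detects a suspicious PowerShell download cradle that uses nslookup to retrieve payloads from DNS records.` The filename itself still carries the typo "poweshell", which is unrelated to this fix but worth a follow-up rename.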