From fb0618795f7a915e99298392acdeec6edacfc963 Mon Sep 17 00:00:00 2001
From: frack113 <62423083+frack113@users.noreply.github.com>
Date: Sun, 12 Jun 2022 17:52:37 +0200
Subject: [PATCH] Update proc_creation_win_mstsc.yml
---
 .../windows/process_creation/proc_creation_win_mstsc.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/rules/windows/process_creation/proc_creation_win_mstsc.yml b/rules/windows/process_creation/proc_creation_win_mstsc.yml
index b23281ef2..4198b7cd8 100644
--- a/rules/windows/process_creation/proc_creation_win_mstsc.yml
+++ b/rules/windows/process_creation/proc_creation_win_mstsc.yml
@@ -22,13 +22,13 @@ detection:
 - OriginalFileName: 'cmdkey.exe'
 selection_cmdkey_cli:
 CommandLine|contains|all:
- - '/g'
- - '/u'
- - '/p'
+ - ' /g'
+ - ' /u'
+ - ' /p'
 condition: all of selection_mstsc* or all of selection_cmdkey*
 falsepositives:
 - Unknown
 level: medium
 tags:
 - attack.lateral_movement
- - attack.t1021.001
\ No newline at end of file
+ - attack.t1021.001
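Review bot: In `selection_cmdkey_cli` the new literals `' /g'`, `' /u'` and `' /p'` match only when a single space character directly precedes the slash, so a cmdkey command line whose switches follow a tab, or use a dash prefix if cmdkey accepts that form (not confirmed from this page), no longer satisfies `contains|all` and the rule stays silent. The commit message does not say why the space was added; presumably it stops the bare `/g`, `/u`, `/p` from matching inside paths or unrelated arguments, and a comment above the list such as `# leading space: match the switch itself, not '/g' inside a path or URL` would record that. If the dash form turns out to be valid, it is better covered by a second selection than by loosening these literals again. The other `selection_cmdkey*` entry and the mstsc selections named in `condition` begin outside the hunk, so the rule's overall coverage cannot be judged from here.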