[Rule Tuning] Connection to Commonly Abused Web Services (#2728)

Co-authored-by: Ruben Groenewoud <78494512+Aegrah@users.noreply.github.com>
Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>
Jonhnathan
2023-04-20 18:26:00 -03:00
committed by GitHub
parent b1e3215cd5
commit 255c53cff0
@@ -4,7 +4,7 @@ integration = ["endpoint"]
maturity = "production"
min_stack_comments = "New fields added: required_fields, related_integrations, setup"
min_stack_version = "8.3.0"
updated_date = "2023/04/17"
updated_date = "2023/04/20"
[transform]
[[transform.osquery]]
@@ -157,12 +157,12 @@ network where host.os.type == "windows" and network.protocol == "dns" and
/* Discord App */
(process.name : "Discord.exe" and (process.code_signature.subject_name : "Discord Inc." and
process.code_signature.trusted == true) and not dns.question.name : ("discord.com", "cdn.discordapp.com", "discordapp.com")
process.code_signature.trusted == true) and dns.question.name : ("discord.com", "cdn.discordapp.com", "discordapp.com")
) or
/* MS Sharepoint */
(process.name : "Microsoft.SharePoint.exe" and (process.code_signature.subject_name : "Microsoft Corporation" and
process.code_signature.trusted == true) and not dns.question.name : "onedrive.live.com"
process.code_signature.trusted == true) and dns.question.name : "onedrive.live.com"
) or
/* Firefox */
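Review bot: The Discord and SharePoint clauses on the changed lines carry no comment saying which way they are meant to read, which is presumably how the inverted `not` got in. They appear to sit inside an exclusion list whose opening is outside this hunk, so a short comment on each would pin the intent, e.g. `/* excluded only when the signed Discord client resolves Discord's own domains */`. Also, `cdn.discordapp.com` is presumably one of the services this rule watches, so after this change lookups of it made from within a trusted, signed `Discord.exe` process no longer alert. That coverage trade-off is worth recording in the rule's false-positive or investigation notes so analysts know the gap is deliberate.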