From c8ff1dc9cb2931f8e8593128eb173c166993a68a Mon Sep 17 00:00:00 2001
From: Jonhnathan
Date: Tue, 14 Jun 2022 10:50:59 -0300
Subject: [PATCH] Update discovery_remote_system_discovery_commands_windows.toml (#2033)

---
 .../discovery_remote_system_discovery_commands_windows.toml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/rules/windows/discovery_remote_system_discovery_commands_windows.toml b/rules/windows/discovery_remote_system_discovery_commands_windows.toml
index 77378772c..aa03689fc 100644
--- a/rules/windows/discovery_remote_system_discovery_commands_windows.toml
+++ b/rules/windows/discovery_remote_system_discovery_commands_windows.toml
@@ -1,7 +1,7 @@
 [metadata]
 creation_date = "2020/12/04"
 maturity = "production"
-updated_date = "2022/04/21"
+updated_date = "2022/06/14"

 [rule]
 author = ["Elastic"]
@@ -62,8 +62,8 @@ type = "eql"

 query = '''
 process where event.type in ("start", "process_started") and
- (process.name : "nbtstat.exe" and process.args : ("-n", "-s")) or
- (process.name : "arp.exe" and process.args : "-a")
+ ((process.name : "nbtstat.exe" and process.args : ("-n", "-s")) or
+ (process.name : "arp.exe" and process.args : "-a"))
 '''
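Review bot: In the second hunk the new outer group opens on the `nbtstat.exe` line and closes at the end of the `arp.exe` line, so the grouping this query depends on is still easy to misread or to break in a later edit. I would put the outer `(` and `)` on lines of their own with the two branches between them, and add a comment above the group such as `/* "and" binds tighter than "or": keep both branches in one group so the event.type filter applies to each */`. Separately, both branches match on `process.name` alone; if the indexed events carry `process.pe.original_file_name`, adding it to each branch would keep the rule matching a copied binary, but that depends on the data source and on the rule's index settings, which are outside this hunk.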