From f37235581ca7785145ec1d87e33849954f0d359c Mon Sep 17 00:00:00 2001
From: Jonhnathan
Date: Tue, 7 Dec 2021 10:00:58 -0300
Subject: [PATCH] Add min_stack and indexes back (#1648)

(cherry picked from commit c21337fe4f6c25910a5063cb6b3536580eecaf96)
---
 .../defense_evasion_whitespace_padding_in_command_line.toml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/rules/windows/defense_evasion_whitespace_padding_in_command_line.toml b/rules/windows/defense_evasion_whitespace_padding_in_command_line.toml
index 23fa3db3e..8978f4796 100644
--- a/rules/windows/defense_evasion_whitespace_padding_in_command_line.toml
+++ b/rules/windows/defense_evasion_whitespace_padding_in_command_line.toml
@@ -2,6 +2,8 @@
 creation_date = "2021/07/30"
 maturity = "production"
 updated_date = "2021/12/06"
+min_stack_comments = "EQL regex had a bug when dealing with wildcard fields that was fixed in 7.16"
+min_stack_version = "7.16.0"
 
 [rule]
 author = ["Elastic"]
@@ -12,7 +14,7 @@ their malicious command with unnecessary whitespace characters. These observatio
 behavior.
 """
 from = "now-9m"
-index = ["logs-endpoint.events.*"]
+index = ["winlogbeat-*", "logs-endpoint.events.*", "logs-windows.*"]
 language = "eql"
 license = "Elastic License v2"
 name = "Whitespace Padding in Process Command Line"
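Review bot: The broadened `index` list in the second hunk (`winlogbeat-*`, `logs-windows.*`) assumes the rule's EQL query, which lies outside the hunk, references only fields that all three data sources populate; Winlogbeat- and Sysmon-derived process events are not guaranteed to carry `process.command_line` in the same form as endpoint events, so coverage and the false-positive profile on the new sources should be checked before merge. The `min_stack_comments` line in the first hunk explains the version gate but not its relation to the index change; if the wider patterns are what exposed the wildcard-field regex bug, saying so would spare the next reader a history search, e.g. `min_stack_comments = "EQL regex had a bug when dealing with wildcard fields that was fixed in 7.16; index patterns were narrowed until then"`. Both edits are metadata-only, so no other part of the rule body needs to move with them.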