fix indentation

SigmaHQ · Oct 10, 2024 · 1c34eaf · 1c34eaf
1 parent 3aa8ade
commit 1c34eaf
Showing 1 changed file with 12 additions and 12 deletions.
diff --git a/proc_creation_lnx_os_credential_dumping.yml b/proc_creation_lnx_os_credential_dumping.yml
@@ -15,20 +15,20 @@ logsource:
 detection:
     selection_img:
         Image|endswith:
-          - '/cp'
-          - '/mv'
-          - '/cat'
-          - '/tail'
-          - '/more'
-          - '/head'
-          - '/less'
-          - '/tac'
-          - '/grep'
+            - '/cp'
+            - '/mv'
+            - '/cat'
+            - '/tail'
+            - '/more'
+            - '/head'
+            - '/less'
+            - '/tac'
+            - '/grep'
     selection_file:
         CommandLine|contains:
-          - 'passwd'
-          - 'shadow'
-          - 'master.passwd'
+            - 'passwd'
+            - 'shadow'
+            - 'master.passwd'
     condition: selection_img and selection_file
 falsepositives:
     - Legitimate administration activities