fix: use tab instead of space characters for indentation

phantinuss · phantinuss · commit def0883ad632 · 2021-07-28T13:49:32.000+02:00
diff --git a/sysmonconfig-export.xml b/sysmonconfig-export.xml
@@ -478,11 +478,11 @@
 		<!--DATA: UtcTime, SourceProcessGuid, SourceProcessId, SourceThreadId, SourceImage, TargetProcessGuid, TargetProcessId, TargetImage, GrantedAccess, CallTrace-->
 	<RuleGroup name="" groupRelation="or">
 		<ProcessAccess onmatch="include">
-            <CallTrace condition="begin with">UNKNOWN</CallTrace> <!-- CobaltStrike BOF using NtOpenProcess Ref: https://medium.com/falconforce/falconfriday-direct-system-calls-and-cobalt-strike-bofs-0xff14-741fa8e1bdd6 -->
-            <Rule groupRelation="and">
-                <TargetImage name="lsass.exe access" condition="end with">lsass.exe</TargetImage>
-                <GrantedAccess condition="contains any">0x40,0x1000,0x1010,0x1038,0x1410,0x1418,0x1438,0x143a,0x100000,0x1f0fff,0x1f1fff,0x1f2fff,0x1f3fff,0x1fffff</GrantedAccess> <!--0x1400 too noisy-->
-            </Rule>
+			<CallTrace condition="begin with">UNKNOWN</CallTrace> <!-- CobaltStrike BOF using NtOpenProcess Ref: https://medium.com/falconforce/falconfriday-direct-system-calls-and-cobalt-strike-bofs-0xff14-741fa8e1bdd6 -->
+			<Rule groupRelation="and">
+				<TargetImage name="lsass.exe access" condition="end with">lsass.exe</TargetImage>
+				<GrantedAccess condition="contains any">0x40,0x1000,0x1010,0x1038,0x1410,0x1418,0x1438,0x143a,0x100000,0x1f0fff,0x1f1fff,0x1f2fff,0x1f3fff,0x1fffff</GrantedAccess> <!--0x1400 too noisy-->
+			</Rule>
 		</ProcessAccess>
 	</RuleGroup>
 
