Update lateral_movement_remote_file_copy_hidden_share.toml

Samirbous · Samirbous · commit a6d52d3de3a7 · 2025-12-11T15:25:04.000Z
diff --git a/rules/windows/lateral_movement_remote_file_copy_hidden_share.toml b/rules/windows/lateral_movement_remote_file_copy_hidden_share.toml
@@ -83,7 +83,7 @@ type = "eql"
 
 query = '''
 process where host.os.type == "windows" and event.type == "start" and user.id != "S-1-5-18" and
-  process.name : ("cmd.exe", "powershell.exe") and 
+  process.name : ("cmd.exe", "powershell.exe") and
   process.command_line : "*\\\\*\\*$*" and process.command_line : ("* copy*", "* move*", "* cp *", "* mv *")
 '''
 
