Update detect-exploitation-of-cve-2018-8653.md

tali-ash · web-flow · commit e24f49572ba8 · 2020-07-23T15:04:24.000+03:00
diff --git a/Execution/detect-exploitation-of-cve-2018-8653.md b/Execution/detect-exploitation-of-cve-2018-8653.md
@@ -11,8 +11,8 @@ The following queries detect possible exploitation of this CVE.
 ## Query
 
 ```Kusto
-​ProcessCreationEvents
-| where EventTime > ago(7d)
+DeviceProcessEvents 
+| where Timestamp > ago(7d)
 and InitiatingProcessFileName =~ "svchost.exe"
 and InitiatingProcessCommandLine contains "WinHttpAutoProxySvc"
 and FileName !~ "pacjsworker.exe"
@@ -44,4 +44,4 @@ This query can be used to detect the following attack techniques and tactics ([s
 
 ## Contributor info
 
-**Contributor:** Microsoft Threat Protection team
+**Contributor:** Microsoft Threat Protection team
