add whitespace to regex

Author: 0xC0FFEEEE

detections/endpoint/linux_proxy_socks_curl.yml

@@ -21,7 +21,7 @@ search: '| tstats `security_content_summariesonly` count min(_time) as firstTime
   "*--preproxy *", "--proxy*") by Processes.dest Processes.user Processes.parent_process_name
   Processes.process_name Processes.process Processes.process_id Processes.parent_process_id
   | `drop_dm_object_name(Processes)` | `security_content_ctime(firstTime)` | `security_content_ctime(lastTime)`
-  | where match(process, "-x") OR match(process, "(?i)socks\d\w?:\/\/|--(pre)?proxy") | `linux_proxy_socks_curl_filter`'
+  | where match(process, "-x\s") OR match(process, "(?i)socks\d\w?:\/\/|--(pre)?proxy") | `linux_proxy_socks_curl_filter`'
 how_to_implement: The detection is based on data that originates from Endpoint Detection
   and Response (EDR) agents. These agents are designed to provide security-related
   telemetry from the endpoints where the agent is installed. To implement this search,