Fix formatting and improve YAML clarity

vl43den · web-flow · commit 34da43b2fa95 · 2025-12-17T22:39:19.000+01:00
removed trailing spaces
diff --git a/rules/linux/process_creation/proc_creation_lnx_azure_run_command_suspicious_child.yml b/rules/linux/process_creation/proc_creation_lnx_azure_run_command_suspicious_child.yml
@@ -5,7 +5,7 @@ related:
       type: similar
 status: experimental
 description: |
-    Detects suspicious commands spawned by shell scripts running under the Azure Run Command 
+    Detects suspicious commands spawned by shell scripts running under the Azure Run Command
     extension context on Linux virtual machines.
 author: Vladan Sekulic
 date: 2025-12-17
@@ -20,7 +20,7 @@ detection:
             - '/bin/sh'
             - '/var/lib/waagent/run-command/download/'
             - '/script.sh'
-    
+            
     selection_child:
         Image|endswith:
             - '/whoami'   # recon
@@ -32,7 +32,7 @@ detection:
             - '/python3'
             - '/perl'
             - '/socat'    # port forwarding/shell
-    
+            
     condition: selection_parent and selection_child
 falsepositives:
     - Custom admin scripts invoking specific diagnostics
