From 70b106ef529fd0e0d2ee8d48111342e97f259adb Mon Sep 17 00:00:00 2001
From: Steven
Date: Thu, 15 Apr 2021 02:11:13 +0200
Subject: [PATCH] Fix syntax error
---
 .../process_creation/cmstp_execution.yml | 22 -------------------
 1 file changed, 22 deletions(-)
diff --git a/rules/windows/process_creation/cmstp_execution.yml b/rules/windows/process_creation/cmstp_execution.yml
index 330c43bd..7a27dc2f 100644
--- a/rules/windows/process_creation/cmstp_execution.yml
+++ b/rules/windows/process_creation/cmstp_execution.yml
@@ -21,28 +21,6 @@ fields:
 falsepositives:
 - Legitimate CMSTP use (unlikely in modern enterprise environments)
 level: high
----
-logsource:
- product: windows
- category: registry_event
-detection:
- # Registry Object Add
- selection2:
- TargetObject: '*\cmmgr32.exe*'
- EventType: 'CreateKey'
- # Registry Object Value Set
- selection3:
- TargetObject: '*\cmmgr32.exe*'
----
-logsource:
- product: windows
- category: process_access
-detection:
- selection4:
- Calltrace: '*cmlua.dll*'
----
-=======
->>>>>>> ce0111aa6a210133e6ac4f3ffb558dd22003fc15:rules/windows/process_creation/cmstp_execution.yml
 logsource:
 category: process_creation
 product: windows