Updated Rule

Completed the following updates on the rule:
- Modified the title
- incremented 4 spaces for references and tags
- updated false positives
- updated author
- updated description in detection section.

rules/windows/process_creation/Monitor_LOLBins_Process_Creations_by_Office_applications.yml

@@ -1,15 +1,15 @@
-title: Monitor LOLBins Process Creations by Office applications (Security Event Logs)
+title: Created Executables and Script Files By Office Applications
 description: This rule will monitor any office apps that spins up a new LOLBin process. This activity is pretty suspicious and should be investigated. 
 references:
-- https://thedfirreport.com/2021/03/29/sodinokibi-aka-revil-ransomware/
-- https://github.com/vadim-hunter/Detection-Ideas-Rules/blob/main/Threat%20Intelligence/The%20DFIR%20Report/20210329_Sodinokibi_(aka_REvil)_Ransomware.yaml
-author: "Idea by: Vadim Khrykov"
+    - https://thedfirreport.com/2021/03/29/sodinokibi-aka-revil-ransomware/
+    - https://github.com/vadim-hunter/Detection-Ideas-Rules/blob/main/Threat%20Intelligence/The%20DFIR%20Report/20210329_Sodinokibi_(aka_REvil)_Ransomware.yaml
+author: "Vadim Khrykov (ThreatIntel), Cyb3rEng (Rule)"
 tags:
-- attack.t1204.002
-- attack.t1047
-- attack.t1218.010
-- attack.execution
-- attack.defence_evasion
+    - attack.t1204.002
+    - attack.t1047
+    - attack.t1218.010
+    - attack.execution
+    - attack.defence_evasion
 status: experimental
 Date: 2021/23/8
 logsource:
@@ -17,7 +17,7 @@ logsource:
   service: security
   category: process_creation
 detection:
-  description: add more LOLBins to the rules logic of your choice.
+  #useful_information: add more LOLBins to the rules logic of your choice.
   selection1:
     EventLog: security
     EventID: 4688
@@ -35,5 +35,5 @@ detection:
     - powerpnt.exe
   condition: selection1 AND selection2 AND selection3
 falsepositives:
-- ""
+- Unknown
 level: high