From ff98991c806299a9d5605946bdbb2fde12929fb7 Mon Sep 17 00:00:00 2001
From: Thomas Patzke
Date: Thu, 18 Oct 2018 16:20:51 +0200
Subject: [PATCH] Fixed rule
---
 rules/windows/powershell/powershell_xor_commandline.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/rules/windows/powershell/powershell_xor_commandline.yml b/rules/windows/powershell/powershell_xor_commandline.yml
index b7d3cf63..7b5d3898 100644
--- a/rules/windows/powershell/powershell_xor_commandline.yml
+++ b/rules/windows/powershell/powershell_xor_commandline.yml
@@ -1,3 +1,4 @@
+action: global
 title: Suspicious Encoded PowerShell Command Line
 description: Detects suspicious powershell process which includes bxor command, alternatvide obfuscation method to b64 encoded commands.
 status: experimental
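Review bot: The added `action: global` on the new first line makes this document the shared header of a rule collection, so on its own it should no longer yield a rule; title, description and status only take effect once merged into the `---`-separated documents that follow. Those documents lie outside the hunk, so confirm that each one carries its own `logsource` and `detection`, otherwise the converter may emit nothing and the bxor command-line detection is lost without any error. A comment above the new line would make the intent visible to the next editor, for example `# global document: fields below are merged into every following '---' document`. While touching the header, the description's "alternatvide" should read "alternative", since that text is what analysts see when the rule fires.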