Update discovery_remote_system_discovery_commands_windows.toml (#2033)

w0rk3r · github-actions[bot] · commit 8a076e7916cc · 2022-06-14T13:53:28.000Z
(cherry picked from commit c8ff1dc)
diff --git a/rules/windows/discovery_remote_system_discovery_commands_windows.toml b/rules/windows/discovery_remote_system_discovery_commands_windows.toml
@@ -1,7 +1,7 @@
 [metadata]
 creation_date = "2020/12/04"
 maturity = "production"
-updated_date = "2022/04/21"
+updated_date = "2022/06/14"
 
 [rule]
 author = ["Elastic"]
@@ -62,8 +62,8 @@ type = "eql"
 
 query = '''
 process where event.type in ("start", "process_started") and
-  (process.name : "nbtstat.exe" and process.args : ("-n", "-s")) or
-  (process.name : "arp.exe" and process.args : "-a")
+  ((process.name : "nbtstat.exe" and process.args : ("-n", "-s")) or
+  (process.name : "arp.exe" and process.args : "-a"))
 '''
 
 
