docs: improved false positive notes

lukiffer · Oct 12, 2020 · 0d0cda0 · 0d0cda0
1 parent e7c6794
commit 0d0cda0
Showing 1 changed file with 1 addition and 2 deletions.
diff --git a/rules/windows/process_creation/win_susp_wmi_execution.yml b/rules/windows/process_creation/win_susp_wmi_execution.yml
@@ -29,6 +29,5 @@ tags:
     - attack.t1047
     - car.2016-03-002
 falsepositives:
-    - Will need to be tuned
-    - If using Splunk, I recommend | stats count by Computer,CommandLine following for easy hunting by Computer/CommandLine.
+    - If using Splunk, we recommend | stats count by Computer,CommandLine following for easy hunting by Computer/CommandLine
 level: medium