Update AVSpringShell.yaml

Updating the in condition to in~
2022-04-05 11:33:37 -07:00 · 2022-04-05 11:33:37 -07:00 · 5282a78493
--- a/Detections/SecurityAlert/AVSpringShell.yaml
+++ b/Detections/SecurityAlert/AVSpringShell.yaml
@ -29,7 +29,7 @@ query: |
  | where ProviderName == "MDATP"
  | extend ThreatName = tostring(parse_json(ExtendedProperties).ThreatName)
  | extend ThreatFamilyName = tostring(parse_json(ExtendedProperties).ThreatFamilyName)
-  | where ThreatName in (SpringShell_threats) or ThreatFamilyName in (SpringShell_threats)
+  | where ThreatName in~ (SpringShell_threats) or ThreatFamilyName in~ (SpringShell_threats)
  | extend CompromisedEntity = tolower(CompromisedEntity)
  ) on $left.DeviceName == $right.CompromisedEntity
  | summarize by DisplayName, ThreatName, ThreatFamilyName, PublicIP, AlertSeverity, Description, tostring(LoggedOnUsers), DeviceId, TenantId , bin(TimeGenerated, 1d), CompromisedEntity, tostring(LoggedOnUsers), ProductName, Entities