Update RareProcessWithCmdLine.yaml

Hunting Queries/SecurityEvent/RareProcessWithCmdLine.yaml

@@ -21,7 +21,7 @@ query: |
     SecurityEvent
       | where TimeGenerated >= ago(30d)
       | where EventID == 4688
-      | where isnotempty(CommandLine) and NewProcessName !endswith ":\\windows\\system32\\conhost.exe" and CommandLine !~ NewProcessName and CommandLine !~ strcat('\"',NewProcessName,'\"'," "))
+      | where isnotempty(CommandLine) and NewProcessName !endswith ":\\windows\\system32\\conhost.exe" and CommandLine !~ NewProcessName and CommandLine !~ strcat('\"',NewProcessName,'\"'," ")
       | extend CommandLine=tolower(CommandLine)
       | summarize FullCount = count()
                   , Count= countif(TimeGenerated between (v_StartTime .. v_EndTime))
@@ -36,4 +36,4 @@ query: |
   basic_avg 
     on NewProcessName, CommandLine | project-away NewProcessName1, CommandLine1
     | where Count < 7 or (Count <= Avg*0.01 and Count < 100) 
-    | extend HostCustomEntity=Computer
+    | extend HostCustomEntity=Computer