From 8efc81a08e437987b26d85be43d6951a55997021 Mon Sep 17 00:00:00 2001
From: IntelScott <99858125+tropChaud@users.noreply.github.com>
Date: Tue, 29 Aug 2023 16:38:20 -0400
Subject: [PATCH] Update proc_creation_win_cmd_mklink_osk_cmd.yml

Recommend a change in the Tactic mapping
---
 .../process_creation/proc_creation_win_cmd_mklink_osk_cmd.yml  | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/rules/windows/process_creation/proc_creation_win_cmd_mklink_osk_cmd.yml b/rules/windows/process_creation/proc_creation_win_cmd_mklink_osk_cmd.yml
index fe58e5519c1..fa4cdf120ba 100644
--- a/rules/windows/process_creation/proc_creation_win_cmd_mklink_osk_cmd.yml
+++ b/rules/windows/process_creation/proc_creation_win_cmd_mklink_osk_cmd.yml
@@ -9,7 +9,8 @@ author: frack113
 date: 2022/12/11
 modified: 2022/12/20
 tags:
-    - attack.credential_access
+    - attack.privilege_escalation
+    - attack.persistence
     - attack.t1546.008
 logsource:
     product: windows