Cleaned up signature descriptions and metadata.

queries/windows/lsa_secrets.yml

@@ -1,15 +1,14 @@
 title: T1003.004 LSA Secrets
-description: For simplicity, we're detecting a Cmdline used for both psexec (the test)
-  as well as direct reg.exe LSA extraction.
+description: Detect direct LSA extraction with reg.exe.
 author: keyboardcrunch
 date: 10/10/2020
-modified: null
+modified: 05/12/2020
 mitre:
    tactic: Credential Access
    technique: T1003
    subtechnique: 004
 operating_system: windows
 query: TgtProcCmdLine ContainsCIS "save HKLM\security\policy\secrets"
-false_positives: null
-tags: null
+false_positives: 
+tags: