diff --git a/LOLRMM b/LOLRMM
index d0caa3fab..14d9e7d86 160000
--- a/LOLRMM
+++ b/LOLRMM
@@ -1 +1 @@
-Subproject commit d0caa3fabd92d8a3cd02d7dd11444071cb1b2282
+Subproject commit 14d9e7d86275ca54f7f41d97660ccaf576320018
diff --git a/SentinelOne_PQ - LOLRMM/247ithelp.com__connectwise__network_sigma.md b/SentinelOne_PQ - LOLRMM/247ithelp.com__connectwise__network_sigma.md
index 6174959a1..fc20c6e3d 100644
--- a/SentinelOne_PQ - LOLRMM/247ithelp.com__connectwise__network_sigma.md
+++ b/SentinelOne_PQ - LOLRMM/247ithelp.com__connectwise__network_sigma.md
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 10-10-2024 01:17:31):
+// Translated content (automatically translated on 11-10-2024 01:17:43):
 (event.category in ("DNS","Url","IP")) and (endpoint.os="windows" and (url.address contains ".247ithelp.com" or event.dns.request contains ".247ithelp.com"))
 ```
diff --git a/SentinelOne_PQ - LOLRMM/247ithelp.com__connectwise__processes_sigma.md b/SentinelOne_PQ - LOLRMM/247ithelp.com__connectwise__processes_sigma.md
index fb7c1161b..0e691ae57 100644
--- a/SentinelOne_PQ - LOLRMM/247ithelp.com__connectwise__processes_sigma.md
+++ b/SentinelOne_PQ - LOLRMM/247ithelp.com__connectwise__processes_sigma.md
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 10-10-2024 01:17:31):
+// Translated content (automatically translated on 11-10-2024 01:17:43):
 event.type="Process Creation" and (endpoint.os="windows" and src.process.image.path contains "Remote Workforce Client.exe")
 ```
diff --git a/SentinelOne_PQ - LOLRMM/absolute__computrace__processes_sigma.md b/SentinelOne_PQ - LOLRMM/absolute__computrace__processes_sigma.md
index e2a5cfb03..52dd4321d 100644
--- a/SentinelOne_PQ - LOLRMM/absolute__computrace__processes_sigma.md
+++ b/SentinelOne_PQ - LOLRMM/absolute__computrace__processes_sigma.md
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 10-10-2024 01:17:31):
+// Translated content (automatically translated on 11-10-2024 01:17:43):
 event.type="Process Creation" and (endpoint.os="windows" and (src.process.image.path contains "rpcnet.exe" or src.process.image.path contains "ctes.exe" or src.process.image.path contains "ctespersitence.exe" or src.process.image.path contains "cteshostsvc.exe" or src.process.image.path contains "rpcld.exe"))
 ```
diff --git a/SentinelOne_PQ - LOLRMM/addigy_network_sigma.md b/SentinelOne_PQ - LOLRMM/addigy_network_sigma.md
index 025ad6d3a..804cf42b1 100644
--- a/SentinelOne_PQ - LOLRMM/addigy_network_sigma.md
+++ b/SentinelOne_PQ - LOLRMM/addigy_network_sigma.md
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 10-10-2024 01:17:31):
+// Translated content (automatically translated on 11-10-2024 01:17:43):
 (event.category in ("DNS","Url","IP")) and (endpoint.os="windows" and ((url.address contains "prod.addigy.com" or url.address contains "grtmprod.addigy.com" or url.address contains "agents.addigy.com") or (event.dns.request contains "prod.addigy.com" or event.dns.request contains "grtmprod.addigy.com" or event.dns.request contains "agents.addigy.com")))
 ```
diff --git a/SentinelOne_PQ - LOLRMM/aeroadmin_processes_sigma.md b/SentinelOne_PQ - LOLRMM/aeroadmin_processes_sigma.md
index 795ce4627..5b536190c 100644
--- a/SentinelOne_PQ - LOLRMM/aeroadmin_processes_sigma.md
+++ b/SentinelOne_PQ - LOLRMM/aeroadmin_processes_sigma.md
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 10-10-2024 01:17:31):
+// Translated content (automatically translated on 11-10-2024 01:17:43):
 event.type="Process Creation" and (endpoint.os="windows" and (src.process.image.path contains "aeroadmin.exe" or src.process.image.path contains "AeroAdmin.exe"))
 ```
diff --git a/SentinelOne_PQ - LOLRMM/alpemix_files_sigma.md b/SentinelOne_PQ - LOLRMM/alpemix_files_sigma.md
index 649dc07a9..cf165a864 100644
--- a/SentinelOne_PQ - LOLRMM/alpemix_files_sigma.md
+++ b/SentinelOne_PQ - LOLRMM/alpemix_files_sigma.md
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 10-10-2024 01:17:31):
+// Translated content (automatically translated on 11-10-2024 01:17:43):
 event.category="file" and (endpoint.os="windows" and tgt.file.path contains "%localappdata%\Alpemix\Alpemix.ini")
 ```
diff --git a/SentinelOne_PQ - LOLRMM/anydesk_files_sigma.md b/SentinelOne_PQ - LOLRMM/anydesk_files_sigma.md
index 47e738d78..573ac931d 100644
--- a/SentinelOne_PQ - LOLRMM/anydesk_files_sigma.md
+++ b/SentinelOne_PQ - LOLRMM/anydesk_files_sigma.md
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 10-10-2024 01:17:31):
+// Translated content (automatically translated on 11-10-2024 01:17:43):
 event.category="file" and (endpoint.os="windows" and (tgt.file.path contains "%programdata%\AnyDesk\ad_svc.trace" or tgt.file.path contains "%programdata%\AnyDesk\connection_trace.txt" or tgt.file.path contains "%APPDATA%\AnyDesk\connection_trace.txt" or tgt.file.path contains "%APPDATA%\AnyDesk\ad.trace" or tgt.file.path contains "%APPDATA%\AnyDesk\chat\*.txt" or tgt.file.path contains "%APPDATA%\AnyDesk\user.conf" or tgt.file.path contains "%PROGRAMDATA%\AnyDesk\service.conf" or tgt.file.path contains "%APPDATA%\AnyDesk\service.conf" or tgt.file.path contains "%APPDATA%\AnyDesk\system.conf" or tgt.file.path contains "%PROGRAMDATA%\AnyDesk\system.conf" or tgt.file.path contains "%PROGRAMDATA%\Microsoft\Windows\Start Menu\Programs\StartUp\AnyDesk.lnk" or tgt.file.path contains "%PROGRAMDATA%\Microsoft\Windows\Start Menu\Programs\AnyDesk\Uninstall AnyDesk.lnk" or tgt.file.path contains "C:\Users\*\Videos\AnyDesk\*.anydesk" or tgt.file.path contains "C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\AnyDesk\*" or tgt.file.path contains "~/Library/Application Support/AnyDesk/Logs/" or tgt.file.path contains "~/.config/AnyDesk/Logs/"))
 ```
diff --git a/SentinelOne_PQ - LOLRMM/anydesk_network_sigma.md b/SentinelOne_PQ - LOLRMM/anydesk_network_sigma.md
index f9172e524..3050f62a5 100644
--- a/SentinelOne_PQ - LOLRMM/anydesk_network_sigma.md
+++ b/SentinelOne_PQ - LOLRMM/anydesk_network_sigma.md
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 10-10-2024 01:17:31):
+// Translated content (automatically translated on 11-10-2024 01:17:43):
 (event.category in ("DNS","Url","IP")) and (endpoint.os="windows" and ((url.address contains "boot.net.anydesk.com" or url.address contains "relay-[a-f0-9]{8}.net.anydesk.com:443" or url.address contains ".anydesk.com") or (event.dns.request contains "boot.net.anydesk.com" or event.dns.request contains "relay-[a-f0-9]{8}.net.anydesk.com:443" or event.dns.request contains ".anydesk.com")))
 ```
diff --git a/SentinelOne_PQ - LOLRMM/anydesk_registry_sigma.md b/SentinelOne_PQ - LOLRMM/anydesk_registry_sigma.md
index c49d59e27..1641f3645 100644
--- a/SentinelOne_PQ - LOLRMM/anydesk_registry_sigma.md
+++ b/SentinelOne_PQ - LOLRMM/anydesk_registry_sigma.md
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 10-10-2024 01:17:31):
+// Translated content (automatically translated on 11-10-2024 01:17:43):
 event.category="Registry" and (endpoint.os="windows" and (registry.keyPath contains "HKLM\SOFTWARE\Clients\Media\AnyDesk" or registry.keyPath contains "HKLM\SYSTEM\CurrentControlSet\Services\AnyDesk" or registry.keyPath contains "HKLM\SOFTWARE\Classes\.anydesk\shell\open\command" or registry.keyPath contains "HKLM\SOFTWARE\Classes\AnyDesk\shell\open\command" or registry.keyPath contains "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\AnyDesk Printer\*" or registry.keyPath contains "HKLM\DRIVERS\DriverDatabase\DeviceIds\USBPRINT\AnyDesk" or registry.keyPath contains "HKLM\DRIVERS\DriverDatabase\DeviceIds\WSDPRINT\AnyDesk" or registry.keyPath contains "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AnyDesk"))
 ```
diff --git a/SentinelOne_PQ - LOLRMM/atera_files_sigma.md b/SentinelOne_PQ - LOLRMM/atera_files_sigma.md
index e2724b769..844418d77 100644
--- a/SentinelOne_PQ - LOLRMM/atera_files_sigma.md
+++ b/SentinelOne_PQ - LOLRMM/atera_files_sigma.md
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 10-10-2024 01:17:31):
+// Translated content (automatically translated on 11-10-2024 01:17:43):
 event.category="file" and (endpoint.os="windows" and (tgt.file.path contains "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageRunCommandInteractive\log.txt" or tgt.file.path contains "C:\Program Files\ATERA Networks\AteraAgent\Packages\*" or tgt.file.path contains "C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe" or tgt.file.path contains "C:\Program Files\Atera Networks\AlphaAgent.exe" or tgt.file.path contains "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" or tgt.file.path contains "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" or tgt.file.path contains "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe" or tgt.file.path contains "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageFileExplorer\AgentPackageFileExplorer.exe" or tgt.file.path contains "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageRunCommandInteractive\AgentPackageRunCommandInteractive.exe"))
 ```
diff --git a/SentinelOne_PQ - LOLRMM/atera_network_sigma.md b/SentinelOne_PQ - LOLRMM/atera_network_sigma.md
index ec9d4b25c..c948f407c 100644
--- a/SentinelOne_PQ - LOLRMM/atera_network_sigma.md
+++ b/SentinelOne_PQ - LOLRMM/atera_network_sigma.md
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 10-10-2024 01:17:31):
+// Translated content (automatically translated on 11-10-2024 01:17:43):
 (event.category in ("DNS","Url","IP")) and (endpoint.os="windows" and ((url.address contains "pubsub.atera.com" or url.address contains "pubsub.pubnub.com" or url.address contains "agentreporting.atera.com" or url.address contains "getalphacontrol.com" or url.address contains "app.atera.com" or url.address contains "agenthb.atera.com" or url.address contains "packagesstore.blob.core.windows.net" or url.address contains "ps.pndsn.com" or url.address contains "agent-api.atera.com" or url.address contains "cacerts.thawte.com" or url.address contains "agentreportingstore.blob.core.windows.net" or url.address contains "atera-agent-heartbeat.servicebus.windows.net" or url.address contains "ps.atera.com" or url.address contains "atera.pubnubapi.com" or url.address contains "appcdn.atera.com") or (event.dns.request contains "pubsub.atera.com" or event.dns.request contains "pubsub.pubnub.com" or event.dns.request contains "agentreporting.atera.com" or event.dns.request contains "getalphacontrol.com" or event.dns.request contains "app.atera.com" or event.dns.request contains "agenthb.atera.com" or event.dns.request contains "packagesstore.blob.core.windows.net" or event.dns.request contains "ps.pndsn.com" or event.dns.request contains "agent-api.atera.com" or event.dns.request contains "cacerts.thawte.com" or event.dns.request contains "agentreportingstore.blob.core.windows.net" or event.dns.request contains "atera-agent-heartbeat.servicebus.windows.net" or event.dns.request contains "ps.atera.com" or event.dns.request contains "atera.pubnubapi.com" or event.dns.request contains "appcdn.atera.com")))
 ```
diff --git a/SentinelOne_PQ - LOLRMM/atera_processes_sigma.md b/SentinelOne_PQ - LOLRMM/atera_processes_sigma.md
index cd95a391f..a253d48cc 100644
--- a/SentinelOne_PQ - LOLRMM/atera_processes_sigma.md
+++ b/SentinelOne_PQ - LOLRMM/atera_processes_sigma.md
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 10-10-2024 01:17:31):
+// Translated content (automatically translated on 11-10-2024 01:17:43):
 event.type="Process Creation" and (endpoint.os="windows" and (src.process.image.path contains "\AgentPackageNetworkDiscovery.exe" or src.process.image.path contains "\AgentPackageTaskScheduler.exe" or src.process.image.path contains "\AteraAgent.exe" or src.process.image.path contains "atera_agent.exe" or src.process.image.path contains "atera_agent.exe" or src.process.image.path contains "ateraagent.exe" or src.process.image.path contains "syncrosetup.exe"))
 ```
diff --git a/SentinelOne_PQ - LOLRMM/atera_registry_sigma.md b/SentinelOne_PQ - LOLRMM/atera_registry_sigma.md
index 097f60556..72c45f212 100644
--- a/SentinelOne_PQ - LOLRMM/atera_registry_sigma.md
+++ b/SentinelOne_PQ - LOLRMM/atera_registry_sigma.md
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 10-10-2024 01:17:31):
+// Translated content (automatically translated on 11-10-2024 01:17:43):
 event.category="Registry" and (endpoint.os="windows" and (registry.keyPath contains "HKLM\SOFTWARE\ATERA Networks\AlphaAgent" or registry.keyPath contains "HKLM\SYSTEM\CurrentControlSet\Services\AteraAgent" or registry.keyPath contains "KLM\SOFTWARE\WOW6432Node\Splashtop Inc." or registry.keyPath contains "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Splashtop Software Updater" or registry.keyPath contains "HKLM\SYSTEM\ControlSet\Services\EventLog\Application\AlphaAgent" or registry.keyPath contains "HKLM\SYSTEM\ControlSet\Services\EventLog\Application\AteraAgent" or registry.keyPath contains "HKLM\SOFTWARE\Microsoft\Tracing\AteraAgent_RASAPI32" or registry.keyPath contains "HKLM\SOFTWARE\Microsoft\Tracing\AteraAgent_RASMANCS" or registry.keyPath contains "HKLM\SOFTWARE\ATERA Networks\*"))
 ```
diff --git a/SentinelOne_PQ - LOLRMM/azure_storage_explorer_processes_sigma.md b/SentinelOne_PQ - LOLRMM/azure_storage_explorer_processes_sigma.md
index d26c61d42..ea56a8e96 100644
--- a/SentinelOne_PQ - LOLRMM/azure_storage_explorer_processes_sigma.md
+++ b/SentinelOne_PQ - LOLRMM/azure_storage_explorer_processes_sigma.md
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 10-10-2024 01:17:31):
+// Translated content (automatically translated on 11-10-2024 01:17:43):
 event.type="Process Creation" and (endpoint.os="windows" and src.process.image.path contains "\StorageExplorer.exe")
 ```
diff --git a/SentinelOne_PQ - LOLRMM/bitvise_ssh_client_processes_sigma.md b/SentinelOne_PQ - LOLRMM/bitvise_ssh_client_processes_sigma.md
index de3d972ba..7664c1021 100644
--- a/SentinelOne_PQ - LOLRMM/bitvise_ssh_client_processes_sigma.md
+++ b/SentinelOne_PQ - LOLRMM/bitvise_ssh_client_processes_sigma.md
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 10-10-2024 01:17:31):
+// Translated content (automatically translated on 11-10-2024 01:17:43):
 event.type="Process Creation" and (endpoint.os="windows" and src.process.image.path contains "\BvSshClient-Inst.exe")
 ```
diff --git a/SentinelOne_PQ - LOLRMM/bitvise_ssh_server_processes_sigma.md b/SentinelOne_PQ - LOLRMM/bitvise_ssh_server_processes_sigma.md
index 8bd9697e0..34d0c65ad 100644
--- a/SentinelOne_PQ - LOLRMM/bitvise_ssh_server_processes_sigma.md
+++ b/SentinelOne_PQ - LOLRMM/bitvise_ssh_server_processes_sigma.md
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 10-10-2024 01:17:31):
+// Translated content (automatically translated on 11-10-2024 01:17:43):
 event.type="Process Creation" and (endpoint.os="windows" and src.process.image.path contains "\BvSshServer-Inst.exe")
 ```
diff --git a/SentinelOne_PQ - LOLRMM/chrome_remote_desktop_network_sigma.md b/SentinelOne_PQ - LOLRMM/chrome_remote_desktop_network_sigma.md
index 6e4838e86..d2b6993fe 100644
--- a/SentinelOne_PQ - LOLRMM/chrome_remote_desktop_network_sigma.md
+++ b/SentinelOne_PQ - LOLRMM/chrome_remote_desktop_network_sigma.md
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 10-10-2024 01:17:31):
+// Translated content (automatically translated on 11-10-2024 01:17:43):
 (event.category in ("DNS","Url","IP")) and (endpoint.os="windows" and ((url.address contains "remotedesktop-pa.googleapis.com" or url.address contains "remotedesktop.google.com" or url.address contains "remotedesktop.google.com") or (event.dns.request contains "remotedesktop-pa.googleapis.com" or event.dns.request contains "remotedesktop.google.com" or event.dns.request contains "remotedesktop.google.com")))
 ```
diff --git a/SentinelOne_PQ - LOLRMM/chrome_remote_desktop_processes_sigma.md b/SentinelOne_PQ - LOLRMM/chrome_remote_desktop_processes_sigma.md
index 25b32b026..4b73fbd7d 100644
--- a/SentinelOne_PQ - LOLRMM/chrome_remote_desktop_processes_sigma.md
+++ b/SentinelOne_PQ - LOLRMM/chrome_remote_desktop_processes_sigma.md
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 10-10-2024 01:17:31):
+// Translated content (automatically translated on 11-10-2024 01:17:43):
 event.type="Process Creation" and (endpoint.os="windows" and (src.process.image.path contains "remote_host.exe" or src.process.image.path contains "remoting_host.exe" or src.process.image.path contains "\remoting_host.exe"))
 ```
diff --git a/SentinelOne_PQ - LOLRMM/cloudflare_tunnel_network_sigma.md b/SentinelOne_PQ - LOLRMM/cloudflare_tunnel_network_sigma.md
index 9a00f856f..fc2cc4298 100644
--- a/SentinelOne_PQ - LOLRMM/cloudflare_tunnel_network_sigma.md
+++ b/SentinelOne_PQ - LOLRMM/cloudflare_tunnel_network_sigma.md
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 10-10-2024 01:17:31):
+// Translated content (automatically translated on 11-10-2024 01:17:43):
 (event.category in ("DNS","Url","IP")) and (endpoint.os="windows" and (url.address contains "cloudflare.com/products/tunnel/" or event.dns.request contains "cloudflare.com/products/tunnel/"))
 ```
diff --git a/SentinelOne_PQ - LOLRMM/cloudflare_tunnel_processes_sigma.md b/SentinelOne_PQ - LOLRMM/cloudflare_tunnel_processes_sigma.md
index d7354f3a9..f76fb4885 100644
--- a/SentinelOne_PQ - LOLRMM/cloudflare_tunnel_processes_sigma.md
+++ b/SentinelOne_PQ - LOLRMM/cloudflare_tunnel_processes_sigma.md
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 10-10-2024 01:17:31):
+// Translated content (automatically translated on 11-10-2024 01:17:43):
 event.type="Process Creation" and (endpoint.os="windows" and src.process.image.path contains "cloudflared.exe")
 ```
diff --git a/SentinelOne_PQ - LOLRMM/connectwise_automate__labtech__network_sigma.md b/SentinelOne_PQ - LOLRMM/connectwise_automate__labtech__network_sigma.md
index b1892dc5a..899414411 100644
--- a/SentinelOne_PQ - LOLRMM/connectwise_automate__labtech__network_sigma.md
+++ b/SentinelOne_PQ - LOLRMM/connectwise_automate__labtech__network_sigma.md
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 10-10-2024 01:17:31):
+// Translated content (automatically translated on 11-10-2024 01:17:43):
 (event.category in ("DNS","Url","IP")) and (endpoint.os="windows" and (url.address contains ".hostedrmm.com" or event.dns.request contains ".hostedrmm.com"))
 ```
diff --git a/SentinelOne_PQ - LOLRMM/connectwise_automate__labtech__processes_sigma.md b/SentinelOne_PQ - LOLRMM/connectwise_automate__labtech__processes_sigma.md
index 11198b025..4c8ba5ef4 100644
--- a/SentinelOne_PQ - LOLRMM/connectwise_automate__labtech__processes_sigma.md
+++ b/SentinelOne_PQ - LOLRMM/connectwise_automate__labtech__processes_sigma.md
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 10-10-2024 01:17:31):
+// Translated content (automatically translated on 11-10-2024 01:17:43):
 event.type="Process Creation" and (endpoint.os="windows" and (src.process.image.path contains "ltsvc.exe" or src.process.image.path contains "ltsvcmon.exe" or src.process.image.path contains "lttray.exe"))
 ```
diff --git a/SentinelOne_PQ - LOLRMM/connectwise_control_network_sigma.md b/SentinelOne_PQ - LOLRMM/connectwise_control_network_sigma.md
index 527607141..9e48e7dbc 100644
--- a/SentinelOne_PQ - LOLRMM/connectwise_control_network_sigma.md
+++ b/SentinelOne_PQ - LOLRMM/connectwise_control_network_sigma.md
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 10-10-2024 01:17:31):
+// Translated content (automatically translated on 11-10-2024 01:17:43):
 (event.category in ("DNS","Url","IP")) and (endpoint.os="windows" and ((url.address contains "live.screenconnect.com" or url.address contains "control.connectwise.com") or (event.dns.request contains "live.screenconnect.com" or event.dns.request contains "control.connectwise.com")))
 ```
diff --git a/SentinelOne_PQ - LOLRMM/connectwise_control_processes_sigma.md b/SentinelOne_PQ - LOLRMM/connectwise_control_processes_sigma.md
index 97e0f8230..c985e8605 100644
--- a/SentinelOne_PQ - LOLRMM/connectwise_control_processes_sigma.md
+++ b/SentinelOne_PQ - LOLRMM/connectwise_control_processes_sigma.md
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 10-10-2024 01:17:31):
+// Translated content (automatically translated on 11-10-2024 01:17:43):
 event.type="Process Creation" and (endpoint.os="windows" and (src.process.image.path contains "screenconnect.clientservice.exe" or src.process.image.path contains "connectwisecontrol.client.exe" or src.process.image.path contains "screenconnect.windowsclient.exe" or src.process.image.path contains "connectwisechat-customer.exe"))
 ```
diff --git a/SentinelOne_PQ - LOLRMM/dameware-mini_remote_control_protocol_network_sigma.md b/SentinelOne_PQ - LOLRMM/dameware-mini_remote_control_protocol_network_sigma.md
index dab05c782..e6fb8649a 100644
--- a/SentinelOne_PQ - LOLRMM/dameware-mini_remote_control_protocol_network_sigma.md
+++ b/SentinelOne_PQ - LOLRMM/dameware-mini_remote_control_protocol_network_sigma.md
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 10-10-2024 01:17:31):
+// Translated content (automatically translated on 11-10-2024 01:17:43):
 (event.category in ("DNS","Url","IP")) and (endpoint.os="windows" and (url.address contains "dameware.com" or event.dns.request contains "dameware.com"))
 ```
diff --git a/SentinelOne_PQ - LOLRMM/dameware-mini_remote_control_protocol_processes_sigma.md b/SentinelOne_PQ - LOLRMM/dameware-mini_remote_control_protocol_processes_sigma.md
index 2a5452a82..315149672 100644
--- a/SentinelOne_PQ - LOLRMM/dameware-mini_remote_control_protocol_processes_sigma.md
+++ b/SentinelOne_PQ - LOLRMM/dameware-mini_remote_control_protocol_processes_sigma.md
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 10-10-2024 01:17:31):
+// Translated content (automatically translated on 11-10-2024 01:17:43):
 event.type="Process Creation" and (endpoint.os="windows" and (src.process.image.path="*dntus*.exe" or src.process.image.path contains "dwrcs.exe"))
 ```
diff --git a/SentinelOne_PQ - LOLRMM/dameware_processes_sigma.md b/SentinelOne_PQ - LOLRMM/dameware_processes_sigma.md
index 8ac1f420a..88e4873c1 100644
--- a/SentinelOne_PQ - LOLRMM/dameware_processes_sigma.md
+++ b/SentinelOne_PQ - LOLRMM/dameware_processes_sigma.md
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 10-10-2024 01:17:31):
+// Translated content (automatically translated on 11-10-2024 01:17:43):
 event.type="Process Creation" and (endpoint.os="windows" and (src.process.image.path="*SolarWinds-Dameware-DRS*.exe" or src.process.image.path="*DameWare Mini Remote Control*.exe" or src.process.image.path contains "dwrcs.exe" or src.process.image.path contains "\dwrcst.exe" or src.process.image.path contains "DameWare Remote Support.exe" or src.process.image.path="*SolarWinds-Dameware-MRC*.exe"))
 ```
diff --git a/SentinelOne_PQ - LOLRMM/dev_tunnels__aka_visual_studio_dev_tunnel__network_sigma.md b/SentinelOne_PQ - LOLRMM/dev_tunnels__aka_visual_studio_dev_tunnel__network_sigma.md
index 75ca94e3d..610ef007d 100644
--- a/SentinelOne_PQ - LOLRMM/dev_tunnels__aka_visual_studio_dev_tunnel__network_sigma.md
+++ b/SentinelOne_PQ - LOLRMM/dev_tunnels__aka_visual_studio_dev_tunnel__network_sigma.md
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 10-10-2024 01:17:31):
+// Translated content (automatically translated on 11-10-2024 01:17:43):
 (event.category in ("DNS","Url","IP")) and (endpoint.os="windows" and (url.address contains "learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview" or event.dns.request contains "learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview"))
 ```
diff --git a/SentinelOne_PQ - LOLRMM/dropbox_processes_sigma.md b/SentinelOne_PQ - LOLRMM/dropbox_processes_sigma.md
index 488491c01..d7a90f7d8 100644
--- a/SentinelOne_PQ - LOLRMM/dropbox_processes_sigma.md
+++ b/SentinelOne_PQ - LOLRMM/dropbox_processes_sigma.md
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 10-10-2024 01:17:31):
+// Translated content (automatically translated on 11-10-2024 01:17:43):
 event.type="Process Creation" and (endpoint.os="windows" and src.process.image.path contains "\Dropbox.exe")
 ```
diff --git a/SentinelOne_PQ - LOLRMM/eset_remote_administrator_network_sigma.md b/SentinelOne_PQ - LOLRMM/eset_remote_administrator_network_sigma.md
index de746bd19..477c46538 100644
--- a/SentinelOne_PQ - LOLRMM/eset_remote_administrator_network_sigma.md
+++ b/SentinelOne_PQ - LOLRMM/eset_remote_administrator_network_sigma.md
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 10-10-2024 01:17:31):
+// Translated content (automatically translated on 11-10-2024 01:17:43):
 (event.category in ("DNS","Url","IP")) and (endpoint.os="windows" and ((url.address contains "user_managed" or url.address contains "eset.com/me/business/remote-management/remote-administrator/") or (event.dns.request contains "user_managed" or event.dns.request contains "eset.com/me/business/remote-management/remote-administrator/")))
 ```
diff --git a/SentinelOne_PQ - LOLRMM/filezilla_processes_sigma.md b/SentinelOne_PQ - LOLRMM/filezilla_processes_sigma.md
index 3e4ddd0af..03b017cef 100644
--- a/SentinelOne_PQ - LOLRMM/filezilla_processes_sigma.md
+++ b/SentinelOne_PQ - LOLRMM/filezilla_processes_sigma.md
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 10-10-2024 01:17:31):
+// Translated content (automatically translated on 11-10-2024 01:17:43):
 event.type="Process Creation" and (endpoint.os="windows" and src.process.image.path contains "\FileZilla.exe")
 ```
diff --git a/SentinelOne_PQ - LOLRMM/impero_connect_network_sigma.md b/SentinelOne_PQ - LOLRMM/impero_connect_network_sigma.md
index 2b622520a..3ae430ddc 100644
--- a/SentinelOne_PQ - LOLRMM/impero_connect_network_sigma.md
+++ b/SentinelOne_PQ - LOLRMM/impero_connect_network_sigma.md
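Review bot: The regenerated eset_remote_administrator network rule in this hunk still emits `url.address contains "user_managed"` and `event.dns.request contains "user_managed"`; `user_managed` appears to be an upstream LOLRMM placeholder for artifacts that have no fixed vendor domain rather than a real hostname, so the clause cannot match legitimate telemetry and only widens the query for no detection value. The same placeholder is carried into the mremoteng, ngrok and nomachine network rules, and in the psexec and psexec-clone network rules it is the only term, which leaves those two rules unable to match anything. Because these files are produced by the translator from the submodule, the fix belongs there: drop placeholder values when building the `url.address` / `event.dns.request` disjunction and skip emitting a network rule when no real indicator remains. The change in this hunk itself is timestamp-only, so this is a defect inherited from the generated content rather than introduced here.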
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 10-10-2024 01:17:31):
+// Translated content (automatically translated on 11-10-2024 01:17:43):
 (event.category in ("DNS","Url","IP")) and (endpoint.os="windows" and (url.address contains "imperosoftware.com" or event.dns.request contains "imperosoftware.com"))
 ```
diff --git a/SentinelOne_PQ - LOLRMM/impero_connect_processes_sigma.md b/SentinelOne_PQ - LOLRMM/impero_connect_processes_sigma.md
index d23b4bbfc..8caede558 100644
--- a/SentinelOne_PQ - LOLRMM/impero_connect_processes_sigma.md
+++ b/SentinelOne_PQ - LOLRMM/impero_connect_processes_sigma.md
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 10-10-2024 01:17:31):
+// Translated content (automatically translated on 11-10-2024 01:17:43):
 event.type="Process Creation" and (endpoint.os="windows" and src.process.image.path contains "ImperoClientSVC.exe")
 ```
diff --git a/SentinelOne_PQ - LOLRMM/mremoteng_files_sigma.md b/SentinelOne_PQ - LOLRMM/mremoteng_files_sigma.md
index c225f92c4..1b63c4b99 100644
--- a/SentinelOne_PQ - LOLRMM/mremoteng_files_sigma.md
+++ b/SentinelOne_PQ - LOLRMM/mremoteng_files_sigma.md
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 10-10-2024 01:17:31):
+// Translated content (automatically translated on 11-10-2024 01:17:43):
 event.category="file" and (endpoint.os="windows" and (tgt.file.path contains "C:\Users\*\AppData\Roaming\mRemoteNG\mRemoteNG.log" or tgt.file.path contains "C:\Users\*\AppData\Roaming\mRemoteNG\confCons.xml" or tgt.file.path="*C:\Users\*\AppData\*\mRemoteNG\**10\user.config"))
 ```
diff --git a/SentinelOne_PQ - LOLRMM/mremoteng_network_sigma.md b/SentinelOne_PQ - LOLRMM/mremoteng_network_sigma.md
index 54fdb82db..7997f6226 100644
--- a/SentinelOne_PQ - LOLRMM/mremoteng_network_sigma.md
+++ b/SentinelOne_PQ - LOLRMM/mremoteng_network_sigma.md
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 10-10-2024 01:17:31):
+// Translated content (automatically translated on 11-10-2024 01:17:43):
 (event.category in ("DNS","Url","IP")) and (endpoint.os="windows" and ((url.address contains "user_managed" or url.address contains "mremoteng.org") or (event.dns.request contains "user_managed" or event.dns.request contains "mremoteng.org")))
 ```
diff --git a/SentinelOne_PQ - LOLRMM/mremoteng_processes_sigma.md b/SentinelOne_PQ - LOLRMM/mremoteng_processes_sigma.md
index bc4efd54d..61f112f19 100644
--- a/SentinelOne_PQ - LOLRMM/mremoteng_processes_sigma.md
+++ b/SentinelOne_PQ - LOLRMM/mremoteng_processes_sigma.md
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 10-10-2024 01:17:31):
+// Translated content (automatically translated on 11-10-2024 01:17:43):
 event.type="Process Creation" and (endpoint.os="windows" and (src.process.image.path contains "mRemoteNG.exe" or src.process.image.path contains "\mRemoteNG.exe" or src.process.image.path contains "\mRemoteNG.exe"))
 ```
diff --git a/SentinelOne_PQ - LOLRMM/ngrok_network_sigma.md b/SentinelOne_PQ - LOLRMM/ngrok_network_sigma.md
index 53291faf9..a950f8add 100644
--- a/SentinelOne_PQ - LOLRMM/ngrok_network_sigma.md
+++ b/SentinelOne_PQ - LOLRMM/ngrok_network_sigma.md
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 10-10-2024 01:17:31):
+// Translated content (automatically translated on 11-10-2024 01:17:43):
 (event.category in ("DNS","Url","IP")) and (endpoint.os="windows" and ((url.address contains "user_managed" or url.address contains "ngrok.com") or (event.dns.request contains "user_managed" or event.dns.request contains "ngrok.com")))
 ```
diff --git a/SentinelOne_PQ - LOLRMM/ngrok_processes_sigma.md b/SentinelOne_PQ - LOLRMM/ngrok_processes_sigma.md
index bf4ecd8cd..c5d6d1796 100644
--- a/SentinelOne_PQ - LOLRMM/ngrok_processes_sigma.md
+++ b/SentinelOne_PQ - LOLRMM/ngrok_processes_sigma.md
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 10-10-2024 01:17:31):
+// Translated content (automatically translated on 11-10-2024 01:17:43):
 event.type="Process Creation" and (endpoint.os="windows" and src.process.image.path contains "ngrok.exe")
 ```
diff --git a/SentinelOne_PQ - LOLRMM/nomachine_network_sigma.md b/SentinelOne_PQ - LOLRMM/nomachine_network_sigma.md
index ab22c409f..802287e2b 100644
--- a/SentinelOne_PQ - LOLRMM/nomachine_network_sigma.md
+++ b/SentinelOne_PQ - LOLRMM/nomachine_network_sigma.md
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 10-10-2024 01:17:31):
+// Translated content (automatically translated on 11-10-2024 01:17:43):
 (event.category in ("DNS","Url","IP")) and (endpoint.os="windows" and ((url.address contains "user_managed" or url.address contains "nomachine.com") or (event.dns.request contains "user_managed" or event.dns.request contains "nomachine.com")))
 ```
diff --git a/SentinelOne_PQ - LOLRMM/nomachine_processes_sigma.md b/SentinelOne_PQ - LOLRMM/nomachine_processes_sigma.md
index 94adc3b83..b17b01db7 100644
--- a/SentinelOne_PQ - LOLRMM/nomachine_processes_sigma.md
+++ b/SentinelOne_PQ - LOLRMM/nomachine_processes_sigma.md
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 10-10-2024 01:17:31):
+// Translated content (automatically translated on 11-10-2024 01:17:43):
 event.type="Process Creation" and (endpoint.os="windows" and (src.process.image.path="*nomachine*.exe" or src.process.image.path contains "nxd.exe"))
 ```
diff --git a/SentinelOne_PQ - LOLRMM/psexec__clone__network_sigma.md b/SentinelOne_PQ - LOLRMM/psexec__clone__network_sigma.md
index ed7ea6acc..f2825c9fc 100644
--- a/SentinelOne_PQ - LOLRMM/psexec__clone__network_sigma.md
+++ b/SentinelOne_PQ - LOLRMM/psexec__clone__network_sigma.md
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 10-10-2024 01:17:31):
+// Translated content (automatically translated on 11-10-2024 01:17:43):
 (event.category in ("DNS","Url","IP")) and (endpoint.os="windows" and (url.address contains "user_managed" or event.dns.request contains "user_managed"))
 ```
diff --git a/SentinelOne_PQ - LOLRMM/psexec__clone__processes_sigma.md b/SentinelOne_PQ - LOLRMM/psexec__clone__processes_sigma.md
index b67745e6f..b41099d4e 100644
--- a/SentinelOne_PQ - LOLRMM/psexec__clone__processes_sigma.md
+++ b/SentinelOne_PQ - LOLRMM/psexec__clone__processes_sigma.md
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 10-10-2024 01:17:31):
+// Translated content (automatically translated on 11-10-2024 01:17:43):
 event.type="Process Creation" and (endpoint.os="windows" and (src.process.image.path contains "paexec.exe" or src.process.image.path="*PAExec-*.exe" or src.process.image.path contains "remcom.exe" or src.process.image.path contains "remcomsvc.exe" or src.process.image.path contains "xcmd.exe" or src.process.image.path contains "xcmdsvc.exe"))
 ```
diff --git a/SentinelOne_PQ - LOLRMM/psexec_network_sigma.md b/SentinelOne_PQ - LOLRMM/psexec_network_sigma.md
index fe1d83d81..7e42e1238 100644
--- a/SentinelOne_PQ - LOLRMM/psexec_network_sigma.md
+++ b/SentinelOne_PQ - LOLRMM/psexec_network_sigma.md
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 10-10-2024 01:17:31):
+// Translated content (automatically translated on 11-10-2024 01:17:43):
 (event.category in ("DNS","Url","IP")) and (endpoint.os="windows" and (url.address contains "user_managed" or event.dns.request contains "user_managed"))
 ```
diff --git a/SentinelOne_PQ - LOLRMM/psexec_processes_sigma.md b/SentinelOne_PQ - LOLRMM/psexec_processes_sigma.md
index 3f86dc23d..02ff02b3b 100644
--- a/SentinelOne_PQ - LOLRMM/psexec_processes_sigma.md
+++ b/SentinelOne_PQ - LOLRMM/psexec_processes_sigma.md
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 10-10-2024 01:17:31):
+// Translated content (automatically translated on 11-10-2024 01:17:43):
 event.type="Process Creation" and (endpoint.os="windows" and (src.process.image.path contains "psexec.exe" or src.process.image.path contains "psexecsvc.exe"))
 ```
diff --git a/SentinelOne_PQ - LOLRMM/pulseway_network_sigma.md b/SentinelOne_PQ - LOLRMM/pulseway_network_sigma.md
index ea2c8ee38..ac04f7380 100644
--- a/SentinelOne_PQ - LOLRMM/pulseway_network_sigma.md
+++ b/SentinelOne_PQ - LOLRMM/pulseway_network_sigma.md
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 10-10-2024 01:17:31):
+// Translated content (automatically translated on 11-10-2024 01:17:43):
 (event.category in ("DNS","Url","IP")) and (endpoint.os="windows" and (url.address contains "pulseway.com" or event.dns.request contains "pulseway.com"))
 ```
diff --git a/SentinelOne_PQ - LOLRMM/putty_tray_processes_sigma.md b/SentinelOne_PQ - LOLRMM/putty_tray_processes_sigma.md
index db1d3d6ad..49600f49f 100644
--- a/SentinelOne_PQ - LOLRMM/putty_tray_processes_sigma.md
+++ b/SentinelOne_PQ - LOLRMM/putty_tray_processes_sigma.md
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 10-10-2024 01:17:31):
+// Translated content (automatically translated on 11-10-2024 01:17:43):
 event.type="Process Creation" and (endpoint.os="windows" and (src.process.image.path contains "C:\*\puttytray.exe" or src.process.image.path contains "\puttytray.exe"))
 ```
diff --git a/SentinelOne_PQ - LOLRMM/quick_assist_network_sigma.md b/SentinelOne_PQ - LOLRMM/quick_assist_network_sigma.md
index cf30450b8..51cea64f9 100644
--- a/SentinelOne_PQ - LOLRMM/quick_assist_network_sigma.md
+++ b/SentinelOne_PQ - LOLRMM/quick_assist_network_sigma.md
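Review bot: `src.process.image.path contains "C:\*\puttytray.exe"` in the putty_tray processes hunk puts a glob `*` inside a `contains` term; if `contains` is a literal substring test, as the surrounding queries appear to assume, the `*` is matched as a character and the term can never hit, so only `"\puttytray.exe"` is doing any work. The screenconnect processes hunk has the same shape in `"\*\ScreenConnect.ClientService.exe"` and `"\*\ScreenConnect.WindowsClient.exe"`. The generator should either reduce such patterns to the basename it already emits (`contains "\puttytray.exe"`) or route them through the wildcard form it uses for `src.process.image.path="*PAExec-*.exe"` — whichever operator actually honours `*` in this query language should be confirmed against the product documentation before the translator is changed. It should also de-duplicate terms: screenconnect repeats `"Remote Workforce Client.exe"`, `"screenconnect.windowsclient.exe"` and `"*screenconnect*.exe"`, and the ultraviewer processes hunk repeats `"UltraViewer_Desktop.exe"` and `"UltraViewer_Service.exe"`.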
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 10-10-2024 01:17:31):
+// Translated content (automatically translated on 11-10-2024 01:17:43):
 (event.category in ("DNS","Url","IP")) and (endpoint.os="windows" and (url.address contains ".support.services.microsoft.com" or event.dns.request contains ".support.services.microsoft.com"))
 ```
diff --git a/SentinelOne_PQ - LOLRMM/quick_assist_processes_sigma.md b/SentinelOne_PQ - LOLRMM/quick_assist_processes_sigma.md
index aaeb3b021..20a7d5fa2 100644
--- a/SentinelOne_PQ - LOLRMM/quick_assist_processes_sigma.md
+++ b/SentinelOne_PQ - LOLRMM/quick_assist_processes_sigma.md
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 10-10-2024 01:17:31):
+// Translated content (automatically translated on 11-10-2024 01:17:43):
 event.type="Process Creation" and (endpoint.os="windows" and src.process.image.path contains "quickassist.exe")
 ```
diff --git a/SentinelOne_PQ - LOLRMM/rclone_processes_sigma.md b/SentinelOne_PQ - LOLRMM/rclone_processes_sigma.md
index 45e5d4c59..0afa0cddd 100644
--- a/SentinelOne_PQ - LOLRMM/rclone_processes_sigma.md
+++ b/SentinelOne_PQ - LOLRMM/rclone_processes_sigma.md
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 10-10-2024 01:17:31):
+// Translated content (automatically translated on 11-10-2024 01:17:43):
 event.type="Process Creation" and (endpoint.os="windows" and src.process.image.path contains "\rclone.exe")
 ```
diff --git a/SentinelOne_PQ - LOLRMM/screenconnect_files_sigma.md b/SentinelOne_PQ - LOLRMM/screenconnect_files_sigma.md
index 8d32a5315..c185135a4 100644
--- a/SentinelOne_PQ - LOLRMM/screenconnect_files_sigma.md
+++ b/SentinelOne_PQ - LOLRMM/screenconnect_files_sigma.md
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 10-10-2024 01:17:31):
+// Translated content (automatically translated on 11-10-2024 01:17:43):
 event.category="file" and (endpoint.os="windows" and (tgt.file.path="*C:\Program Files*\ScreenConnect\App_Data\Session.db" or tgt.file.path="*C:\Program Files*\ScreenConnect\App_Data\User.xml" or tgt.file.path="*C:\ProgramData\ScreenConnect Client*\user.config"))
 ```
diff --git a/SentinelOne_PQ - LOLRMM/screenconnect_network_sigma.md b/SentinelOne_PQ - LOLRMM/screenconnect_network_sigma.md
index e13d9c602..49a45c805 100644
--- a/SentinelOne_PQ - LOLRMM/screenconnect_network_sigma.md
+++ b/SentinelOne_PQ - LOLRMM/screenconnect_network_sigma.md
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 10-10-2024 01:17:31):
+// Translated content (automatically translated on 11-10-2024 01:17:43):
 (event.category in ("DNS","Url","IP")) and (endpoint.os="windows" and ((url.address contains "control.connectwise.com" or url.address contains ".connectwise.com" or url.address contains ".screenconnect.com") or (event.dns.request contains "control.connectwise.com" or event.dns.request contains ".connectwise.com" or event.dns.request contains ".screenconnect.com")))
 ```
diff --git a/SentinelOne_PQ - LOLRMM/screenconnect_processes_sigma.md b/SentinelOne_PQ - LOLRMM/screenconnect_processes_sigma.md
index bd0d8789c..11fc16b11 100644
--- a/SentinelOne_PQ - LOLRMM/screenconnect_processes_sigma.md
+++ b/SentinelOne_PQ - LOLRMM/screenconnect_processes_sigma.md
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 10-10-2024 01:17:31):
+// Translated content (automatically translated on 11-10-2024 01:17:43):
 event.type="Process Creation" and (endpoint.os="windows" and (src.process.image.path contains "C:\Program Files (x86)\ScreenConnect Client (Random)\ScreenConnect.ClientService.exe" or src.process.image.path contains "Remote Workforce Client.exe" or src.process.image.path contains "\*\ScreenConnect.ClientService.exe" or src.process.image.path contains "\*\ScreenConnect.WindowsClient.exe" or src.process.image.path="*screenconnect*.exe" or src.process.image.path contains "screenconnect.windowsclient.exe" or src.process.image.path contains "Remote Workforce Client.exe" or src.process.image.path="*screenconnect*.exe" or src.process.image.path="*ConnectWiseControl*.exe" or src.process.image.path="*connectwise*.exe" or src.process.image.path contains "screenconnect.windowsclient.exe" or src.process.image.path contains "screenconnect.clientservice.exe"))
 ```
diff --git a/SentinelOne_PQ - LOLRMM/splashtop__beta__network_sigma.md b/SentinelOne_PQ - LOLRMM/splashtop__beta__network_sigma.md
index 1ab1b086b..eb430ba64 100644
--- a/SentinelOne_PQ - LOLRMM/splashtop__beta__network_sigma.md
+++ b/SentinelOne_PQ - LOLRMM/splashtop__beta__network_sigma.md
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 10-10-2024 01:17:31):
+// Translated content (automatically translated on 11-10-2024 01:17:43):
 (event.category in ("DNS","Url","IP")) and (endpoint.os="windows" and (url.address contains "splashtop.com" or event.dns.request contains "splashtop.com"))
 ```
diff --git a/SentinelOne_PQ - LOLRMM/splashtop__beta__processes_sigma.md b/SentinelOne_PQ - LOLRMM/splashtop__beta__processes_sigma.md
index eb9e81e91..391852b19 100644
--- a/SentinelOne_PQ - LOLRMM/splashtop__beta__processes_sigma.md
+++ b/SentinelOne_PQ - LOLRMM/splashtop__beta__processes_sigma.md
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 10-10-2024 01:17:31):
+// Translated content (automatically translated on 11-10-2024 01:17:43):
 event.type="Process Creation" and (endpoint.os="windows" and (src.process.image.path contains "SRServer.exe" or src.process.image.path contains "SplashtopSOS.exe" or src.process.image.path="*Splashtop_Streamer_Windows*.exe" or src.process.image.path contains "SRManager.exe"))
 ```
diff --git a/SentinelOne_PQ - LOLRMM/splashtop_files_sigma.md b/SentinelOne_PQ - LOLRMM/splashtop_files_sigma.md
index 4cae670a3..2fc344881 100644
--- a/SentinelOne_PQ - LOLRMM/splashtop_files_sigma.md
+++ b/SentinelOne_PQ - LOLRMM/splashtop_files_sigma.md
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 10-10-2024 01:17:31):
+// Translated content (automatically translated on 11-10-2024 01:17:43):
 event.category="file" and (endpoint.os="windows" and (tgt.file.path contains "C:\windows\System32\winevt\Logs\Splashtop-Splashtop Streamer-Status%4Operational.evtx" or tgt.file.path contains "C:\windows\System32\winevt\Logs\Splashtop-Splashtop Streamer-Remote Session%4Operational.evtx" or tgt.file.path contains "%PROGRAMDATA%\Splashtop\Temp\log\FTCLog.txt" or tgt.file.path contains "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\log\agent_log.txt" or tgt.file.path contains "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\log\SPLog.txt" or tgt.file.path contains "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\log\svcinfo.txt" or tgt.file.path contains "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\log\sysinfo.txt" or tgt.file.path contains "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe" or tgt.file.path contains "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAgent.exe" or tgt.file.path contains "C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUAgent.exe" or tgt.file.path contains "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe" or tgt.file.path contains "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe" or tgt.file.path contains "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\db\SRAgent.sqlite3"))
 ```
diff --git a/SentinelOne_PQ - LOLRMM/splashtop_network_sigma.md b/SentinelOne_PQ - LOLRMM/splashtop_network_sigma.md
index b4029933b..582a5c9df 100644
--- a/SentinelOne_PQ - LOLRMM/splashtop_network_sigma.md
+++ b/SentinelOne_PQ - LOLRMM/splashtop_network_sigma.md
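Review bot: `tgt.file.path contains "%PROGRAMDATA%\Splashtop\Temp\log\FTCLog.txt"` carries an unexpanded environment variable; a recorded file path holds the resolved directory, never the literal `%PROGRAMDATA%` token, so this term cannot match and the FTCLog.txt artifact is silently uncovered. The translator should either expand the variable to the path it denotes or, more robustly, drop the variable prefix and keep the suffix that survives any install location: `tgt.file.path contains "\Splashtop\Temp\log\FTCLog.txt"`. The remaining terms are absolute `C:\Program Files (x86)\...` paths, which is fine for a substring match but will miss installs under a different root; that is a coverage trade-off rather than a defect, and it may be worth a one-line comment in the generated header saying so.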
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 10-10-2024 01:17:31):
+// Translated content (automatically translated on 11-10-2024 01:17:43):
 (event.category in ("DNS","Url","IP")) and (endpoint.os="windows" and (url.address contains ".splashtop.com" or event.dns.request contains ".splashtop.com"))
 ```
diff --git a/SentinelOne_PQ - LOLRMM/splashtop_processes_sigma.md b/SentinelOne_PQ - LOLRMM/splashtop_processes_sigma.md
index 01e863ea2..cdd18cb39 100644
--- a/SentinelOne_PQ - LOLRMM/splashtop_processes_sigma.md
+++ b/SentinelOne_PQ - LOLRMM/splashtop_processes_sigma.md
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 10-10-2024 01:17:31):
+// Translated content (automatically translated on 11-10-2024 01:17:43):
 event.type="Process Creation" and (endpoint.os="windows" and src.process.image.path contains "strwinclt.exe")
 ```
diff --git a/SentinelOne_PQ - LOLRMM/splashtop_registry_sigma.md b/SentinelOne_PQ - LOLRMM/splashtop_registry_sigma.md
index 8b2575c96..081a389d0 100644
--- a/SentinelOne_PQ - LOLRMM/splashtop_registry_sigma.md
+++ b/SentinelOne_PQ - LOLRMM/splashtop_registry_sigma.md
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 10-10-2024 01:17:31):
+// Translated content (automatically translated on 11-10-2024 01:17:43):
 event.category="Registry" and (endpoint.os="windows" and (registry.keyPath contains "KLM\SOFTWARE\WOW6432Node\Splashtop Inc.\*" or registry.keyPath contains "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Splashtop Software Updater" or registry.keyPath contains "HKLM\SYSTEM\CurrentControlSet\Services\SplashtopRemoteService" or registry.keyPath contains "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Splashtop-Splashtop Streamer-Remote Session/Operational" or registry.keyPath contains "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Splashtop-Splashtop Streamer-Status/Operational" or registry.keyPath contains "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Splashtop Software Updater\InstallRefCount" or registry.keyPath contains "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SplashtopRemoteService" or registry.keyPath contains "HKU\.DEFAULT\Software\Splashtop Inc.\*" or registry.keyPath contains "HKU\SID\Software\Splashtop Inc.\*" or registry.keyPath contains "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Splashtop PDF Remote Printer" or registry.keyPath contains "HKLM\SOFTWARE\WOW6432Node\Splashtop Inc.\Splashtop Remote Server\ClientInfo\*"))
 ```
diff --git a/SentinelOne_PQ - LOLRMM/splashtop_remote_network_sigma.md b/SentinelOne_PQ - LOLRMM/splashtop_remote_network_sigma.md
index a0a2fdaf8..ba0149b20 100644
--- a/SentinelOne_PQ - LOLRMM/splashtop_remote_network_sigma.md
+++ b/SentinelOne_PQ - LOLRMM/splashtop_remote_network_sigma.md
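Review bot: The first Splashtop registry term is `registry.keyPath contains "KLM\SOFTWARE\WOW6432Node\Splashtop Inc.\*"`, missing the leading `H` of `HKLM`; a substring match tolerates the truncation, but it should read `"HKLM\SOFTWARE\WOW6432Node\Splashtop Inc.\*"` so the typo in the source data is not silently carried into the detection. More importantly, four terms end in `\*` and one carries the literal token `SID` in `"HKU\SID\Software\Splashtop Inc.\*"`; if `contains` is a literal substring test, as the rest of the query assumes, a trailing `\*` can never match a real key path and `SID` is never the text of an actual user SID, so those five terms are dead. The translator should strip a trailing `\*` from any `contains` value and reduce the per-user entry to the portion that survives the SID, e.g. `registry.keyPath contains "\Software\Splashtop Inc.\"`.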
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 10-10-2024 01:17:31):
+// Translated content (automatically translated on 11-10-2024 01:17:43):
 (event.category in ("DNS","Url","IP")) and (endpoint.os="windows" and ((url.address contains "splashtop.com" or url.address contains ".api.splashtop.com" or url.address contains ".relay.splashtop.com" or url.address contains ".api.splashtop.eu") or (event.dns.request contains "splashtop.com" or event.dns.request contains ".api.splashtop.com" or event.dns.request contains ".relay.splashtop.com" or event.dns.request contains ".api.splashtop.eu")))
 ```
diff --git a/SentinelOne_PQ - LOLRMM/splashtop_remote_processes_sigma.md b/SentinelOne_PQ - LOLRMM/splashtop_remote_processes_sigma.md
index 2a2f6c33c..02b650046 100644
--- a/SentinelOne_PQ - LOLRMM/splashtop_remote_processes_sigma.md
+++ b/SentinelOne_PQ - LOLRMM/splashtop_remote_processes_sigma.md
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 10-10-2024 01:17:31):
+// Translated content (automatically translated on 11-10-2024 01:17:43):
 event.type="Process Creation" and (endpoint.os="windows" and (src.process.image.path contains "strwinclt.exe" or src.process.image.path="*Splashtop_Streamer_Windows*.exe" or src.process.image.path contains "SplashtopSOS.exe" or src.process.image.path contains "sragent.exe" or src.process.image.path contains "srmanager.exe" or src.process.image.path contains "srserver.exe" or src.process.image.path contains "srservice.exe"))
 ```
diff --git a/SentinelOne_PQ - LOLRMM/supremo_network_sigma.md b/SentinelOne_PQ - LOLRMM/supremo_network_sigma.md
index 5523f6b99..fe39c5445 100644
--- a/SentinelOne_PQ - LOLRMM/supremo_network_sigma.md
+++ b/SentinelOne_PQ - LOLRMM/supremo_network_sigma.md
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 10-10-2024 01:17:31):
+// Translated content (automatically translated on 11-10-2024 01:17:43):
 (event.category in ("DNS","Url","IP")) and (endpoint.os="windows" and ((url.address contains "supremocontrol.com" or url.address contains ".supremocontrol.com" or url.address contains " .nanosystems.it") or (event.dns.request contains "supremocontrol.com" or event.dns.request contains ".supremocontrol.com" or event.dns.request contains " .nanosystems.it")))
 ```
diff --git a/SentinelOne_PQ - LOLRMM/supremo_processes_sigma.md b/SentinelOne_PQ - LOLRMM/supremo_processes_sigma.md
index a4fc7fd89..a9a162a65 100644
--- a/SentinelOne_PQ - LOLRMM/supremo_processes_sigma.md
+++ b/SentinelOne_PQ - LOLRMM/supremo_processes_sigma.md
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 10-10-2024 01:17:31):
+// Translated content (automatically translated on 11-10-2024 01:17:43):
 event.type="Process Creation" and (endpoint.os="windows" and (src.process.image.path contains "supremo.exe" or src.process.image.path contains "supremoservice.exe" or src.process.image.path contains "supremosystem.exe" or src.process.image.path contains "supremohelper.exe"))
 ```
diff --git a/SentinelOne_PQ - LOLRMM/ultraviewer_network_sigma.md b/SentinelOne_PQ - LOLRMM/ultraviewer_network_sigma.md
index 8bffaecfe..3f0447b8a 100644
--- a/SentinelOne_PQ - LOLRMM/ultraviewer_network_sigma.md
+++ b/SentinelOne_PQ - LOLRMM/ultraviewer_network_sigma.md
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 10-10-2024 01:17:31):
+// Translated content (automatically translated on 11-10-2024 01:17:43):
 (event.category in ("DNS","Url","IP")) and (endpoint.os="windows" and ((url.address contains " .ultraviewer.net" or url.address contains "ultraviewer.net") or (event.dns.request contains " .ultraviewer.net" or event.dns.request contains "ultraviewer.net")))
 ```
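Review bot: The supremo network query has `url.address contains " .nanosystems.it"` and `event.dns.request contains " .nanosystems.it"` with a space inside the quotes, and the ultraviewer network hunk on this line has the same in `" .ultraviewer.net"`; a hostname never contains a space, so these terms are dead. For ultraviewer the bare `"ultraviewer.net"` term still covers the domain, but supremo silently loses all nanosystems.it coverage. The whitespace evidently comes from the upstream domain list, so the translator should trim each value before emitting it, producing `url.address contains ".nanosystems.it"` and `event.dns.request contains ".nanosystems.it"`, and ideally reject or log any value that still contains whitespace after trimming.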
diff --git a/SentinelOne_PQ - LOLRMM/ultraviewer_processes_sigma.md b/SentinelOne_PQ - LOLRMM/ultraviewer_processes_sigma.md
index a347eb3f5..bedfc7695 100644
--- a/SentinelOne_PQ - LOLRMM/ultraviewer_processes_sigma.md
+++ b/SentinelOne_PQ - LOLRMM/ultraviewer_processes_sigma.md
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 10-10-2024 01:17:31):
+// Translated content (automatically translated on 11-10-2024 01:17:43):
 event.type="Process Creation" and (endpoint.os="windows" and (src.process.image.path contains "UltraViewer_Service.exe" or src.process.image.path contains "UltraViewer_Desktop.exe" or src.process.image.path contains "ultraviewer.exe" or src.process.image.path contains "C:\Program Files (x86)\UltraViewer\UltraViewer_Desktop.exe" or src.process.image.path contains "\UltraViewer_Desktop.exe" or src.process.image.path contains "ultraviewer_desktop.exe" or src.process.image.path contains "ultraviewer_service.exe" or src.process.image.path contains "UltraViewer_Desktop.exe" or src.process.image.path contains "UltraViewer_Service.exe"))
 ```
diff --git a/SentinelOne_PQ - LOLRMM/visual_studio_dev_tunnel_network_sigma.md b/SentinelOne_PQ - LOLRMM/visual_studio_dev_tunnel_network_sigma.md
index 8841bb104..d0a867ecf 100644
--- a/SentinelOne_PQ - LOLRMM/visual_studio_dev_tunnel_network_sigma.md
+++ b/SentinelOne_PQ - LOLRMM/visual_studio_dev_tunnel_network_sigma.md
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 10-10-2024 01:17:31):
+// Translated content (automatically translated on 11-10-2024 01:17:43):
 (event.category in ("DNS","Url","IP")) and (endpoint.os="windows" and ((url.address contains "global.rel.tunnels.api.visualstudio.com" or url.address contains ".rel.tunnels.api.visualstudio.com" or url.address contains ".devtunnels.ms") or (event.dns.request contains "global.rel.tunnels.api.visualstudio.com" or event.dns.request contains ".rel.tunnels.api.visualstudio.com" or event.dns.request contains ".devtunnels.ms")))
 ```