Branch was auto-updated.

.gitignore

@@ -1,5 +1,6 @@
 # Ignore example files from contentctl tool
 apps/
+dist/
 test_results/
 detections/*/.yml.example
 stories/*.yml.example

baselines/previously_seen_running_windows_services___update.yml

@@ -13,7 +13,7 @@ search: '`wineventlog_system` EventCode=7036 | rex field=Message "The (?<service
   service entered the (?<state>\w+) state" | where state="running" | stats earliest(_time)
   as firstTimeSeen, latest(_time) as lastTimeSeen by service | inputlookup previously_seen_running_windows_services
   append=t | stats min(firstTimeSeen) as firstTimeSeen, max(lastTimeSeen) as lastTimeSeen
-  by service | where lastTimeSeen > relative_time(now(), "`previously_seen_windows_service_forget_window`")
+  by service | where lastTimeSeen > relative_time(now(), `previously_seen_windows_services_forget_window`)
   | outputlookup previously_seen_running_windows_services'
 how_to_implement: While this search does not require you to adhere to Splunk CIM,
   you must be ingesting your Windows security-event logs for it to execute successfully.