Fix references to p0.cmdline

detection/execution/exotic-command-events-macos.sql

@@ -103,7 +103,7 @@ WHERE
     OR p0_name LIKE '%attack%' -- Unusual behaviors
     OR p0_cmd LIKE '%powershell%'
     OR p0_cmd LIKE '%chattr -i%'
-    OR p0.cmdline LIKE '%dd if=/dev/%'
+    OR p0_cmd LIKE '%dd if=/dev/%'
     OR p0_cmd LIKE '%cat /dev/null >%'
     OR p0_cmd LIKE '%truncate -s0 %'
     OR p0_cmd LIKE '%touch%acmr%'

detection/execution/exotic-commands-macos.sql

@@ -94,12 +94,12 @@ WHERE
       OR p.cmdline LIKE '%dd if=/dev/%'
   )
   AND NOT (
-    p0.cmdline LIKE '%UserKnownHostsFile=/dev/null%'
+    p0_cmd LIKE '%UserKnownHostsFile=/dev/null%'
     AND p1.name == 'limactl'
   )
   AND NOT (
-    p0.cmdline LIKE '%sh -i'
-    AND p1.cmdline LIKE '%pipenv shell'
+    p0_cmd LIKE '%sh -i'
+    AND p1_cmd LIKE '%pipenv shell'
   )
   AND NOT p0_cmd IN ('pkill -f Jabra Direct')
 GROUP BY