updated falco rules files

Signed-off-by: h4l0gen <ks3913688@gmail.com>

rules/falco-sandbox_rules.yaml

@@ -407,10 +407,10 @@
   condition: (proc.name in (python, pypy, python3) and
     proc.cmdline contains ansible)
 
-macro: python_running_chef
+- macro: python_running_chef
   condition: >
     (proc.name= python and
-     (proc.cmdline contains yum-dump.py or
+    (proc.cmdline contains yum-dump.py or
       proc.cmdline="python /usr/bin/chef-monitor.py"))
 
 - macro: python_running_denyhosts