From 6b25378a61a640cfed605d574064f721f6eae59c Mon Sep 17 00:00:00 2001
From: "S.kiran kumar"
Date: Wed, 14 Oct 2020 10:07:16 +0530
Subject: [PATCH] Removed * operator
---
 rules/windows/sysmon/silenttrinity_stager_msbuild_activity.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rules/windows/sysmon/silenttrinity_stager_msbuild_activity.yml b/rules/windows/sysmon/silenttrinity_stager_msbuild_activity.yml
index 95e6cb02..30847447 100644
--- a/rules/windows/sysmon/silenttrinity_stager_msbuild_activity.yml
+++ b/rules/windows/sysmon/silenttrinity_stager_msbuild_activity.yml
@@ -17,7 +17,7 @@ logsource:
 detection:
 selection:
 EventID: 3
- ParentImage|endswith: '*\msbuild.exe'
+ ParentImage|endswith: '\msbuild.exe'
 condition: selection
 fields:
 - ParentImage
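Review bot: The changed `ParentImage|endswith: '\msbuild.exe'` line is paired with `EventID: 3`, and Sysmon network-connection events record the connecting process in `Image` and carry no `ParentImage` field, so this selection is unlikely to match any event even with the wildcard removed. If the intent is to catch msbuild.exe itself making outbound connections, the selection should be `Image|endswith: '\msbuild.exe'`, and the `- ParentImage` entry under `fields:` should become `- Image`. If the intent is instead child processes spawned by msbuild.exe, the rule needs `EventID: 1`, where `ParentImage` is populated. The `logsource` block and the rest of the `fields:` list lie outside the hunk, so confirm there that the source is Sysmon before changing the field.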