From 8d195bf5d57f8816035fb896af16b7f259b45860 Mon Sep 17 00:00:00 2001
From: Austin Songer
Date: Wed, 4 Aug 2021 13:11:31 -0500
Subject: [PATCH] Update sysmon_disabled_pua_protection_on_microsoft_defender.yml
---
 .../sysmon_disabled_pua_protection_on_microsoft_defender.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rules/windows/registry_event/sysmon_disabled_pua_protection_on_microsoft_defender.yml b/rules/windows/registry_event/sysmon_disabled_pua_protection_on_microsoft_defender.yml
index e79e6055..7486226a 100644
--- a/rules/windows/registry_event/sysmon_disabled_pua_protection_on_microsoft_defender.yml
+++ b/rules/windows/registry_event/sysmon_disabled_pua_protection_on_microsoft_defender.yml
@@ -14,7 +14,7 @@ logsource:
 detection:
 selection:
 EventType: SetValue
- TargetObject|contains: 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\PUAProtection'
+ TargetObject|contains: 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\PUAProtection'
 Details: 'DWORD (0x00000000)'
 condition: selection
 falsepositives:
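Review bot: The new `TargetObject|contains` value still pins the hive prefix, so the selection matches only where the log pipeline renders the root key as `HKLM`; a backend that normalizes the hive name differently would miss the event silently, which is the same kind of failure this commit corrects for `HKEY_LOCAL_MACHINE`. Because the modifier is already `contains`, the prefix can be dropped: `TargetObject|contains: '\SOFTWARE\Policies\Microsoft\Windows Defender\PUAProtection'`. Separately, `Details: 'DWORD (0x00000000)'` covers only the fully disabled state, so a change to audit mode (value 2, as far as I know) would not be flagged, and the non-policy `\SOFTWARE\Microsoft\Windows Defender\PUAProtection` value is outside this selection; it is worth confirming whether both gaps are intended. The rule continues past `falsepositives:` outside the hunk.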