From 9a7ef0e3c29fd88d87115ee6a31020d12da841c3 Mon Sep 17 00:00:00 2001
From: Florian Roth
Date: Mon, 30 Sep 2019 19:38:40 +0200
Subject: [PATCH] fix: fixed rule warning
---
 rules/windows/process_creation/win_malware_emotet.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/rules/windows/process_creation/win_malware_emotet.yml b/rules/windows/process_creation/win_malware_emotet.yml
index db3e7802..a70e7e1b 100644
--- a/rules/windows/process_creation/win_malware_emotet.yml
+++ b/rules/windows/process_creation/win_malware_emotet.yml
@@ -10,12 +10,12 @@ logsource:
 category: process_creation
 product: windows
 detection:
- selection1:
+ selection:
 CommandLine:
 - '* -enc PAA*'
 - '* -enco PAA*'
 - '* -encod PAA*'
- condition: 1 of them
+ condition: selection
 fields:
 - CommandLine
 - ParentCommandLine
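Review bot: The `CommandLine` list under the renamed `selection` still enumerates only three spellings of the parameter (`-enc`, `-enco`, `-encod`), so a command line that writes it out as `-encodedcommand` or uses another accepted abbreviation would not match; this commit leaves that list untouched. Consider replacing the three entries with one broader pattern such as `- '* -e* PAA*'`, and measure its false-positive rate against real process-creation logs before merging. The rename itself looks behaviour-preserving, since with a single selection `1 of them` and `selection` pick the same events. The rule's header and any `falsepositives` section lie outside this hunk, so whether the narrow list is deliberate cannot be judged from here.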