From ab959394abc5dbeadc22f4130fb9d40cb9bcf0c1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=96mer=20G=C3=BCnal?= <o.gunal977@gmail.com>
Date: Tue, 10 Nov 2020 20:09:46 +0300
Subject: [PATCH] Update lnx_install_root_certificate.yml

---
 rules/linux/lnx_install_root_certificate.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/rules/linux/lnx_install_root_certificate.yml b/rules/linux/lnx_install_root_certificate.yml
index 041baea7..ecd7fc34 100644
--- a/rules/linux/lnx_install_root_certificate.yml
+++ b/rules/linux/lnx_install_root_certificate.yml
@@ -16,8 +16,8 @@ detection:
          ProcessName|endswith:
           - '/update-ca-certificates'
     selection2:
-         CommandLine|contains|all:
-          - 'update-ca-trust'
+         ProcessName|endswith:
+          - '/update-ca-trust'
     condition: selection or selection2
 falsepositives:
     - Legitimate administration activities