From c4a44e2376ada782a101f57d665c4443c216354b Mon Sep 17 00:00:00 2001
From: Jonhnathan
Date: Thu, 15 Oct 2020 20:03:29 -0300
Subject: [PATCH] Update sysmon_dns_serverlevelplugindll.yml
---
 .../registry_event/sysmon_dns_serverlevelplugindll.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/rules/windows/registry_event/sysmon_dns_serverlevelplugindll.yml b/rules/windows/registry_event/sysmon_dns_serverlevelplugindll.yml
index 59849ff8..d0acdb6f 100755
--- a/rules/windows/registry_event/sysmon_dns_serverlevelplugindll.yml
+++ b/rules/windows/registry_event/sysmon_dns_serverlevelplugindll.yml
@@ -30,7 +30,7 @@ logsource:
 category: registry_event
 detection:
 dnsregmod:
- TargetObject: '*\services\DNS\Parameters\ServerLevelPluginDll'
+ TargetObject|endswith: '\services\DNS\Parameters\ServerLevelPluginDll'
 condition: 1 of them
 ---
 logsource:
@@ -38,5 +38,5 @@ logsource:
 product: windows
 detection:
 dnsadmin:
- CommandLine: 'dnscmd.exe /config /serverlevelplugindll *'
- condition: 1 of them
\ No newline at end of file
+ CommandLine|startswith 'dnscmd.exe /config /serverlevelplugindll '
+ condition: 1 of them
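Review bot: The added `CommandLine|startswith 'dnscmd.exe /config /serverlevelplugindll '` line in the second hunk has no colon after the modifier, so the key is not separated from its value and the `dnsadmin` selection will most likely fail to parse or never match; it should read `CommandLine|startswith: 'dnscmd.exe /config /serverlevelplugindll '`. Separately, anchoring on the start of the command line only matches when dnscmd is run by bare name with `/config` as its first argument, so an invocation through a full path or with a server name before `/config` would presumably go undetected. A more robust selection would pair `Image|endswith: '\dnscmd.exe'` with `CommandLine|contains|all:` listing `/config` and `/serverlevelplugindll`. The logsource block for this second document begins above the hunk, so its category cannot be confirmed from here.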