fix: error in selector

2024-11-07 17:58:52 +00:00 · 2021-07-14 15:58:55 +02:00 · 2021-07-14 15:58:55 +02:00 · e516aecc74
commit e516aecc74
parent 530e04faec
1 changed files with 1 additions and 1 deletions
--- a/rules/windows/process_creation/win_susp_script_exec_from_temp.yml
+++ b/rules/windows/process_creation/win_susp_script_exec_from_temp.yml
@ -12,7 +12,7 @@ logsource:
    category: process_creation
    product: windows
 detection:
-    selection_image1:
+    selection:
        Image|endswith:
            - '\powershell.exe'
            - '\mshta.exe'