remove extra asterisk

YamatoSecurity · Nov 10, 2023 · c303080 · c303080
1 parent 309c2de
commit c303080
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/...ndows/process_creation/proc_creation_win_webshell_susp_process_spawned_from_webserver.yml b/...ndows/process_creation/proc_creation_win_webshell_susp_process_spawned_from_webserver.yml
@@ -81,7 +81,7 @@ detection:
         CommandLine|contains|all:
             - 'sc query'
             - 'ADManager Plus'
-    condition: 1 of selection_webserver_* and selection_anomaly_children and not 1 of filter_main_**
+    condition: 1 of selection_webserver_* and selection_anomaly_children and not 1 of filter_main_*
 falsepositives:
     - Particular web applications may spawn a shell process legitimately
 level: high