Fix typo in conditions

rules/windows/file/file_event/file_event_win_creation_scr_binary_file.yml

@@ -26,7 +26,7 @@ detection:
         # ParentCommandLine: C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p
         Image|endswith: '\TiWorker.exe'
         TargetFileName|endswith: '\uwfservicingscr.scr'
-    condition: selection and not 1 of filter*
+    condition: selection and not 1 of filter_*
 falsepositives:
     - Unknown
 level: medium

rules/windows/image_load/image_load_alternate_powershell_hosts_moduleload.yml

@@ -30,7 +30,7 @@ detection:
         # This filter is to avoid a race condition FP with this specific ETW provider in aurora
         Provider_Name: Microsoft-Windows-Kernel-Process
         Image: null
-    condition: selection and not filter
+    condition: selection and not 1 of filter_*
 falsepositives:
     - Unknown
 level: low

rules/windows/image_load/image_load_in_memory_powershell.yml

@@ -57,7 +57,7 @@ detection:
         # This filter is to avoid a race condition FP with this specific ETW provider in aurora
         Provider_Name: Microsoft-Windows-Kernel-Process
         Image: null
-    condition: selection and not 1 of filter*
+    condition: selection and not 1 of filter_*
 falsepositives:
     - Used by some .NET binaries, minimal on user workstation.
     - Used by Microsoft SQL Server Management Studio

rules/windows/process_creation/proc_creation_win_non_interactive_powershell.yml

@@ -22,7 +22,7 @@ detection:
             - '\CompatTelRunner.exe'
         - ParentImage: 'C:\$WINDOWS.~BT\Sources\SetupHost.exe' # During Windows updates/upgrades
         # CommandLine: powershell.exe -ExecutionPolicy Restricted -Command Write-Host 'Final result: 1';
-    condition: selection and not filter
+    condition: selection and not 1 of filter_*
 falsepositives:
     - Legitimate programs executing PowerShell scripts
 level: low