From 14a2bf3b596bbf0980346b31eb3fd10aeb23ed5c Mon Sep 17 00:00:00 2001
From: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
Date: Mon, 12 Dec 2022 22:16:38 +0100
Subject: [PATCH] fix: error in selection
---
 .../process_creation/proc_creation_susp_rcedit_execution.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/rules/windows/process_creation/proc_creation_susp_rcedit_execution.yml b/rules/windows/process_creation/proc_creation_susp_rcedit_execution.yml
index 1ad1b4900..c9ca2c50d 100644
--- a/rules/windows/process_creation/proc_creation_susp_rcedit_execution.yml
+++ b/rules/windows/process_creation/proc_creation_susp_rcedit_execution.yml
@@ -25,8 +25,7 @@ detection:
 - Description: 'Edit resources of exe'
 - Product: 'rcedit'
 selection_flags:
- CommandLine|contains:
- - '--set-' # Covers multiple edit commands such as "--set-resource-string" or "--set-version-string"
+ CommandLine|contains: '--set-' # Covers multiple edit commands such as "--set-resource-string" or "--set-version-string"
 selection_attributes:
 CommandLine|contains:
 - 'OriginalFileName'
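Review bot: The new `CommandLine|contains: '--set-'` line in `selection_flags` keeps its explanation as a trailing comment, which pushes the line past 120 characters once indented and leaves the breadth of the match unstated. `--set-` is a plain substring, so on its own it matches any command line containing it, not only rcedit's `--set-version-string` or `--set-resource-string`. The narrowing presumably comes from the `Description`/`Product` fields above and from `selection_attributes`, but the `condition` is outside this hunk, so confirm it requires all of them. I would move the comment to its own line above the key, for example `# Substring match for rcedit edit flags such as --set-version-string and --set-resource-string; only meaningful combined with the other selections`. The scalar form should match exactly what the one-element list did, so existing detections and test data should be unaffected.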