From 247a85e04adeb2ccc0ac8eb940bffbcd74d3cd4c Mon Sep 17 00:00:00 2001
From: Jonhnathan <jonhnathancesar@gmail.com>
Date: Thu, 15 Oct 2020 18:06:51 -0300
Subject: [PATCH] Update win_mavinject_proc_inj.yml

---
 rules/windows/process_creation/win_mavinject_proc_inj.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rules/windows/process_creation/win_mavinject_proc_inj.yml b/rules/windows/process_creation/win_mavinject_proc_inj.yml
index 5fc53cdde..f99d8cfb9 100644
--- a/rules/windows/process_creation/win_mavinject_proc_inj.yml
+++ b/rules/windows/process_creation/win_mavinject_proc_inj.yml
@@ -18,7 +18,7 @@ logsource:
     product: windows
 detection:
     selection:
-        CommandLine: '* /INJECTRUNNING *'
+        CommandLine|contains: ' /INJECTRUNNING '
     condition: selection
 falsepositives:
     - unknown