From 262cb31143573e77b7bf06dc896eca8d1e06d4d8 Mon Sep 17 00:00:00 2001
From: frack113 <62423083+frack113@users.noreply.github.com>
Date: Sun, 16 Jan 2022 11:15:50 +0100
Subject: [PATCH] Fix CommandLine Forget to copy the correct from Test VM
---
 rules/windows/process_creation/win_pc_cmd_delete.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/rules/windows/process_creation/win_pc_cmd_delete.yml b/rules/windows/process_creation/win_pc_cmd_delete.yml
index b72c3a0f5..6b9cba57b 100644
--- a/rules/windows/process_creation/win_pc_cmd_delete.yml
+++ b/rules/windows/process_creation/win_pc_cmd_delete.yml
@@ -14,10 +14,10 @@ logsource:
 product: windows
 detection:
 selection:
- - Image|contains|all:
+ - CommandLine|contains|all:
 - 'del '
 - /f
- - Image|contains|all:
+ - CommandLine|contains|all:
 - rmdir
 - /s
 - /q
@@ -27,4 +27,4 @@ falsepositives:
 level: low
 tags:
 - attack.defense_evasion
- - attack.t1070.004
\ No newline at end of file
+ - attack.t1070.004
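Review bot: Now that the selection keys on CommandLine, the first list (`'del '` together with `/f`) is a very loose match: Sigma's `contains` is a case-insensitive substring test, so any command line that happens to contain both fragments (for example a path or argument ending in "del " plus a "/f…" switch anywhere) satisfies it, and nothing in this hunk restricts Image to cmd.exe. Consider anchoring the fragments with surrounding whitespace, e.g. `- ' del '` and `- ' /f'`, or adding an Image-based selection for cmd.exe so the rule reflects the built-in `del`/`rmdir` commands it is named after; the `condition:` line and the `falsepositives` section sit between the two hunks, so I cannot see whether the noise is already acknowledged there beyond `level: low`. The second hunk only restores the missing trailing newline.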