From 2e6f87e2effd5f000df93c2f77e59e14f2fd17ea Mon Sep 17 00:00:00 2001
From: Florian Roth
Date: Mon, 7 Sep 2020 09:34:18 +0200
Subject: [PATCH] Update win_susp_ping_hex_ip.yml
---
 rules/windows/process_creation/win_susp_ping_hex_ip.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rules/windows/process_creation/win_susp_ping_hex_ip.yml b/rules/windows/process_creation/win_susp_ping_hex_ip.yml
index a2ec5a5af..6aa11c82b 100644
--- a/rules/windows/process_creation/win_susp_ping_hex_ip.yml
+++ b/rules/windows/process_creation/win_susp_ping_hex_ip.yml
@@ -15,7 +15,7 @@ logsource:
 product: windows
 detection:
 selection:
- CommandLine:
+ CommandLine|contains:
 - 'ping.exe*0x*'
 - 'ping*0x*'
 condition: selection
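Review bot: With `|contains`, the value `ping*0x*` is no longer anchored to the start of the command line, so the selection matches any process whose command line has the substring `ping` followed anywhere later by `0x` (a path containing `mapping` plus a hex argument, for example). That is likely to raise the false-positive rate. The first list item `ping.exe*0x*` is also subsumed by the second, and the trailing `*` is redundant under the modifier. Binding the match to the binary would keep the full-path coverage this change is after, for instance `Image|endswith: '\ping.exe'` combined with `CommandLine|contains: '0x'`. The rule's `falsepositives` and `level` fields lie outside this hunk, so check that they still fit the wider match.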