From 2fa7ae2c1c4329eb8d139cbd4d8dc8d416df2870 Mon Sep 17 00:00:00 2001
From: "S.kiran kumar"
Date: Wed, 14 Oct 2020 13:04:49 +0530
Subject: [PATCH] Update silenttrinity_stager_msbuild_activity.yml
---
 rules/windows/sysmon/silenttrinity_stager_msbuild_activity.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rules/windows/sysmon/silenttrinity_stager_msbuild_activity.yml b/rules/windows/sysmon/silenttrinity_stager_msbuild_activity.yml
index 308474475..b2e42f372 100644
--- a/rules/windows/sysmon/silenttrinity_stager_msbuild_activity.yml
+++ b/rules/windows/sysmon/silenttrinity_stager_msbuild_activity.yml
@@ -17,7 +17,7 @@ logsource:
 detection:
 selection:
 EventID: 3
- ParentImage|endswith: '\msbuild.exe'
+ ParentImage|endswith: 'msbuild.exe'
 condition: selection
 fields:
 - ParentImage
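Review bot: Dropping the leading backslash in `ParentImage|endswith: 'msbuild.exe'` removes the path-separator anchor, so the selection now matches any image whose file name merely ends in that string rather than only a binary named msbuild.exe, which widens the rule and adds false positives. In a single-quoted YAML scalar `'\msbuild.exe'` is already a literal backslash, so if the motivation was a backend escaping problem it is better fixed in the conversion than in the rule; I would keep `ParentImage|endswith: '\msbuild.exe'`. Separately, as far as I know Sysmon EventID 3 (network connection) records carry `Image` but no `ParentImage`, so this selection may never match at all; `Image|endswith: '\msbuild.exe'` is probably what is intended and is worth confirming against sample events. The rest of the rule (logsource and the remaining `fields` entries) lies outside the hunk.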