From 2ffca9c8da4bb8ca78002ed4af69165677f09614 Mon Sep 17 00:00:00 2001
From: Florian Roth
Date: Wed, 21 Sep 2022 18:08:24 +0200
Subject: [PATCH] fix: condition
---
 .../process_creation/proc_creation_win_sharp_chisel_usage.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rules/windows/process_creation/proc_creation_win_sharp_chisel_usage.yml b/rules/windows/process_creation/proc_creation_win_sharp_chisel_usage.yml
index 7d472e237..adce54a59 100644
--- a/rules/windows/process_creation/proc_creation_win_sharp_chisel_usage.yml
+++ b/rules/windows/process_creation/proc_creation_win_sharp_chisel_usage.yml
@@ -33,7 +33,7 @@ detection:
 # - ' --reverse'
 # - ' r:'
 # - ':127.0.0.1:'
- condition: 1 of selection
+ condition: 1 of selection*
 falsepositives:
 - Some false positives may occure with other tools with similar commandlines
 level: high
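Review bot: With `1 of selection*` every block whose name starts with `selection` becomes a stand-alone trigger at `level: high`, and nothing near the condition says so; the commented-out strings just above it (`' --reverse'`, `' r:'`, `':127.0.0.1:'`) are generic enough that re-enabling them under a `selection`-prefixed name would make the rule fire on them alone. I would add a comment above the condition such as `# each selection* block matches on its own; keep generic command-line fragments out of the selection* namespace`. The `falsepositives` entry still refers to similar command lines although the visible command-line patterns are commented out, so it may be stale (and `occure` should read `occur`). The diffstat shows a single changed line, so if the rule carries a `modified` date it was not updated with this logic change. The `detection` block starts outside the hunk, so the active selections are not visible here.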