From 472da1d8ef8601ea0b455f0df3adb4cf412f93d3 Mon Sep 17 00:00:00 2001
From: frack113 <62423083+frack113@users.noreply.github.com>
Date: Fri, 12 Aug 2022 12:07:03 +0200
Subject: [PATCH] Fix startswith
---
 .../windows/file_change/file_change_win_2022_timestomping.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/rules/windows/file_change/file_change_win_2022_timestomping.yml b/rules/windows/file_change/file_change_win_2022_timestomping.yml
index c58e8af44..a8c501b61 100644
--- a/rules/windows/file_change/file_change_win_2022_timestomping.yml
+++ b/rules/windows/file_change/file_change_win_2022_timestomping.yml
@@ -13,9 +13,9 @@ logsource:
 product: windows
 detection:
 selection:
- PreviousCreationUtcTime|startwith: 2022
+ PreviousCreationUtcTime|startswith: 2022
 filter:
- CreationUtcTime|startwith: 2022
+ CreationUtcTime|startswith: 2022
 condition: selection and not filter
 falsepositives:
 - NTP change
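Review bot: The value `2022` on both corrected lines is an unquoted YAML scalar, so it loads as an integer while `startswith` is a string modifier; depending on the Sigma converter this may be rejected or not compared as a string prefix. Quoting makes the intent explicit: `PreviousCreationUtcTime|startswith: '2022'` and `CreationUtcTime|startswith: '2022'`. Separately, the filter drops every event whose new `CreationUtcTime` also begins with 2022, so a creation time rewritten to another date within the same year raises no alert, and the hard-coded year means files created after 2022 are never selected. A short comment above `selection:` stating both limits would help whoever maintains the rule. The rule's header fields sit outside the hunk, so this is based only on the detection block shown.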