From 4fa86ca772b006a375d6c4b8fc48d1ee75f22a4a Mon Sep 17 00:00:00 2001
From: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
Date: Thu, 21 Jul 2022 21:25:14 +0100
Subject: [PATCH] Update registry_set_mpnotify_persistence.yml
---
 .../registry/registry_set/registry_set_mpnotify_persistence.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rules/windows/registry/registry_set/registry_set_mpnotify_persistence.yml b/rules/windows/registry/registry_set/registry_set_mpnotify_persistence.yml
index 2c7c41795..fc561f8d1 100644
--- a/rules/windows/registry/registry_set/registry_set_mpnotify_persistence.yml
+++ b/rules/windows/registry/registry_set/registry_set_mpnotify_persistence.yml
@@ -11,7 +11,7 @@ logsource:
 category: registry_set
 product: windows
 detection:
- selection_root:
+ selection:
 EventType: SetValue
 TargetObject|contains: '\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\mpnotify'
 condition: selection
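Review bot: The `TargetObject|contains` match under the renamed selection is looser than the value it targets. `mpnotify` is the last path component, so `TargetObject|endswith: '\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\mpnotify'` would state the intent exactly and would not match longer value names that merely begin with that string. Separately, before this rename `condition: selection` named a selection that did not exist. If the repository does not already have one, a rule-validation step that rejects conditions referencing undefined selections would catch this class of mistake before merge. The rule's header fields and anything after the condition are outside the hunk.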