From 59bfca6aba5eb0d145bf4ec74530eec3495a89fa Mon Sep 17 00:00:00 2001
From: Florian Roth
Date: Tue, 21 Dec 2021 13:28:47 +0100
Subject: [PATCH] Update win_pc_sqlcmd_veeam_dump.yml
---
 rules/windows/process_creation/win_pc_sqlcmd_veeam_dump.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rules/windows/process_creation/win_pc_sqlcmd_veeam_dump.yml b/rules/windows/process_creation/win_pc_sqlcmd_veeam_dump.yml
index a3a7a4835..897fde0bb 100644
--- a/rules/windows/process_creation/win_pc_sqlcmd_veeam_dump.yml
+++ b/rules/windows/process_creation/win_pc_sqlcmd_veeam_dump.yml
@@ -15,7 +15,7 @@ logsource:
 product: windows
 detection:
 selection_tools:
- Image|endswith: 'sqlcmd.exe'
+ Image|endswith: '\sqlcmd.exe'
 selection_query:
 CommandLine|contains|all:
 - 'SELECT'
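Review bot: The tightened `Image|endswith: '\sqlcmd.exe'` in `selection_tools` still identifies the client by file name alone, so a copy of the binary stored under another name would not satisfy this selection even when the command line carries the same query. Where the log source records PE version metadata (Sysmon process-creation events do), consider pairing the path match with an `OriginalFileName` selection, with the value confirmed against the shipped binary rather than assumed. The diffstat shows a single changed line, so the rule's `modified` date was apparently not touched along with this logic change; if the rule tracks one, update it in the same commit. The `detection` block continues past the end of the hunk, so the condition that combines the selections is not visible here.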