diff --git a/rules/windows/network_connection/sysmon_win_binary_github_com.yml b/rules/windows/network_connection/sysmon_win_binary_github_com.yml
index 1d197ab93..6e76f63df 100755
--- a/rules/windows/network_connection/sysmon_win_binary_github_com.yml
+++ b/rules/windows/network_connection/sysmon_win_binary_github_com.yml
@@ -21,10 +21,10 @@ logsource:
 detection:
     selection:
         Initiated: 'true'
-        DestinationHostname:
-            - '*.github.com'
-            - '*.githubusercontent.com'
-        Image: 'C:\Windows\\*'
+        DestinationHostname|endswith:
+            - '.github.com'
+            - '.githubusercontent.com'
+        Image|startswith: 'C:\Windows\\'
     condition: selection
 falsepositives:
     - 'Unknown'
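Review bot: The trailing `\\` in `Image|startswith: 'C:\Windows\\'` mixes notations within one literal, since the same value uses a single `\` before `Windows`; as I read Sigma's escaping rules a backslash not followed by a wildcard or another backslash is literal, so `Image|startswith: 'C:\Windows\'` expresses the same prefix consistently (YAML single quotes do not process backslashes). The `|startswith` prefix also matches anything under `C:\Windows\`, including subdirectories that non-administrators can write to, so the selection is broader than signed OS binaries; if that breadth is intended for coverage, the `falsepositives` entry could say so rather than `'Unknown'`. The `|endswith` values do not match a destination of exactly `github.com` with no subdomain (neither did the original wildcards); if that case matters for this log source, it would need a separate exact-match selection OR'd into the condition. The `detection` block is shown in full, but the rule's header keys (`title`, `logsource`) start outside the hunk.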