From 5dc02f3a87d8d1ff4d522c8c821d189ebacecb19 Mon Sep 17 00:00:00 2001
From: Jonhnathan
Date: Thu, 15 Oct 2020 16:26:28 -0300
Subject: [PATCH] Update sysmon_win_binary_github_com.yml

---
 .../network_connection/sysmon_win_binary_github_com.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/rules/windows/network_connection/sysmon_win_binary_github_com.yml b/rules/windows/network_connection/sysmon_win_binary_github_com.yml
index 1d197ab93..6e76f63df 100755
--- a/rules/windows/network_connection/sysmon_win_binary_github_com.yml
+++ b/rules/windows/network_connection/sysmon_win_binary_github_com.yml
@@ -21,10 +21,10 @@ logsource:
 detection:
 selection:
 Initiated: 'true'
- DestinationHostname:
- - '*.github.com'
- - '*.githubusercontent.com'
- Image: 'C:\Windows\\*'
+ DestinationHostname|endswith:
+ - '.github.com'
+ - '.githubusercontent.com'
+ Image|startswith: 'C:\Windows\\'
 condition: selection
 falsepositives:
 - 'Unknown'
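Review bot: The doubled backslash in `Image|startswith: 'C:\Windows\\'` is a leftover from the wildcard form, where it kept the trailing `*` from being read as an escaped literal. With `startswith` there is no wildcard left to protect, so `Image|startswith: 'C:\Windows\'` says the same thing under Sigma's escaping rules and avoids relying on every converter collapsing `\\` to one backslash. Separately, both `endswith` values keep the leading dot, so an event whose `DestinationHostname` is exactly `github.com` or `githubusercontent.com` would still not match, same as before the change. If that bare value can appear in your Sysmon data, an exact-match list OR-ed with the suffix list in `condition` would cover it without widening the suffix to look-alike domains. The rule's title, logsource and level lie outside this hunk, so nothing here confirms how the remaining fields are scoped.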