From 611c19382602a75f86eacbde6f75df2b2eb1e75f Mon Sep 17 00:00:00 2001
From: root <sechost@yandex.ru>
Date: Sat, 26 Oct 2019 07:45:53 +0200
Subject: [PATCH] modifed win_susp_odbcconf.yml

---
 rules/windows/process_creation/win_susp_odbcconf.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/rules/windows/process_creation/win_susp_odbcconf.yml b/rules/windows/process_creation/win_susp_odbcconf.yml
index a1765b851..49a206ca2 100644
--- a/rules/windows/process_creation/win_susp_odbcconf.yml
+++ b/rules/windows/process_creation/win_susp_odbcconf.yml
@@ -13,9 +13,9 @@ logsource:
     category: process_creation
     product: windows
 detection:
-  selection:
-    Image: '*\odbcconf.exe'
-    CommandLine: '* -f *.rsp'
+    selection:
+        Image: '*\odbcconf.exe'
+        CommandLine: '* -f *.rsp'
     condition: selection
 level: medium
 falsepositives: