From 641c27fbe188c9820e4e7ba5aa5ae8d7d4b53cc5 Mon Sep 17 00:00:00 2001
From: Jonhnathan
Date: Thu, 15 Oct 2020 23:24:54 -0300
Subject: [PATCH] Update proxy_susp_flash_download_loc.yml

---
 rules/proxy/proxy_susp_flash_download_loc.yml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/rules/proxy/proxy_susp_flash_download_loc.yml b/rules/proxy/proxy_susp_flash_download_loc.yml
index 402bcb514..dc9f44869 100644
--- a/rules/proxy/proxy_susp_flash_download_loc.yml
+++ b/rules/proxy/proxy_susp_flash_download_loc.yml
@@ -10,11 +10,11 @@ logsource:
 category: proxy
 detection:
 selection:
- c-uri-query:
- '*/install_flash_player.exe'
- '*/flash_install.php*'
+ c-uri-query|contains:
+ - '/install_flash_player.exe'
+ - '/flash_install.php'
 filter:
- c-uri-stem: '*.adobe.com/*'
+ c-uri-stem|contains: '.adobe.com/'
 condition: selection and not filter
 falsepositives:
 - Unknown flash download locations
@@ -27,4 +27,4 @@ tags:
 - attack.t1204 # an old one
 - attack.defense_evasion
 - attack.t1036.005
- - attack.t1036 # an old one
\ No newline at end of file
+ - attack.t1036 # an old one
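Review bot: The filter `c-uri-stem|contains: '.adobe.com/'` in the first hunk is still an unanchored substring match on a requester-controlled value, so it suppresses the alert for any request whose stem merely contains that string, not only for downloads from Adobe hosts. The conversion from `'*.adobe.com/*'` carries that weakness over unchanged. Anchoring the exclusion on the host, for example `cs-host|endswith: '.adobe.com'`, would be tighter, assuming the proxy source populates that field. Separately, `'*/install_flash_player.exe'` was a suffix match and `|contains` widens it; if the suffix semantics were intended, that value belongs in its own `|endswith` selection. A short comment on the filter stating why Adobe is excluded would also help the next maintainer.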