From 6cdb8fc1694820ebaf166f2c22d1a4f99b03d8bd Mon Sep 17 00:00:00 2001
From: Florian Roth
Date: Wed, 8 Dec 2021 10:11:55 +0100
Subject: [PATCH] fix: wrong cmdline combos

---
 other/godmode_sigma_rule.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/other/godmode_sigma_rule.yml b/other/godmode_sigma_rule.yml
index 9c90a426a..c5292a1db 100644
--- a/other/godmode_sigma_rule.yml
+++ b/other/godmode_sigma_rule.yml
@@ -56,8 +56,7 @@ detection:
 - ' comsvcs.dll,#24' # Process dumping method apart from procdump
 - ' comsvcs.dll MiniDump' # Process dumping method apart from procdump
 - ' comsvcs.dll #24' # Process dumping method apart from procdump
- - 'MiniDump full' # Process dumping method apart from procdump
- - '#24 full' # Process dumping method apart from procdump
+ - '.dmp full' # Process dumping method apart from procdump
 selection_parent_child:
 ParentImage|contains:
 # Office Dropper Detection
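Review bot: The replacement entry `'.dmp full'` carries the same generic comment as its neighbours, so the rule no longer records why `'MiniDump full'` and `'#24 full'` were wrong combos, which the commit title only hints at. The removed strings presumably never matched because the dump file path sits between the export name and `full` on the comsvcs.dll command line; a comment such as `# comsvcs MiniDump takes '<pid> <dumpfile> full', so match the dump path followed by 'full'` would keep that rationale with the pattern. Note that the new string depends on the dump path ending in `.dmp`, which the three `comsvcs.dll` entries above it do not, so it complements rather than replaces them in coverage. The enclosing `detection:` mapping starts before the hunk and `selection_parent_child` continues past it.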