From 6d8a4571cdeb16e8f84211bc3a77e5d115659129 Mon Sep 17 00:00:00 2001
From: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
Date: Thu, 10 Nov 2022 18:29:15 +0100
Subject: [PATCH] fix: add missing `-` in selection
---
 .../proc_creation_win_susp_copy_lateral_movement.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/rules/windows/process_creation/proc_creation_win_susp_copy_lateral_movement.yml b/rules/windows/process_creation/proc_creation_win_susp_copy_lateral_movement.yml
index 56a7bba72..2456c5053 100644
--- a/rules/windows/process_creation/proc_creation_win_susp_copy_lateral_movement.yml
+++ b/rules/windows/process_creation/proc_creation_win_susp_copy_lateral_movement.yml
@@ -26,8 +26,8 @@ detection:
 - '\robocopy.exe'
 - '\xcopy.exe'
 selection_cmd_img:
- Image|endswith: '\cmd.exe'
- OriginalFileName: 'Cmd.Exe'
+ - Image|endswith: '\cmd.exe'
+ - OriginalFileName: 'Cmd.Exe'
 selection_cmd_cli:
 CommandLine|contains: 'copy'
 selection_pwsh_img:
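Review bot: The switch from AND to OR in `selection_cmd_img` is carried only by the two leading dashes, so a later reformat or edit could silently undo it. In Sigma a plain map requires every field to match, while a list of maps matches on any one of them. A comment above the list would state the intent, for example `# list of maps = OR: match on the image path or on the PE OriginalFileName, so a renamed cmd.exe is still covered`. The `detection:` mapping starts before the hunk, and the body of `selection_pwsh_img` and the `condition` lie after it. It is worth checking that the sibling `*_img` selections use the same list form, and that the wider OR match combined with `CommandLine|contains: 'copy'` does not add false positives.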