fix detection

2022-01-02 11:45:33 +01:00
parent 637ce004ae
commit 757bf95ecb
1 changed files with 1 additions and 1 deletions
@@ -12,7 +12,7 @@ logsource:
 detection:
    selection:
        Image|endswith: \powershell.exe
-        CommandLine|contains:
+        CommandLine|contains|all:
            - '-e '
            - '==' # not all base64 have the ==
    condition: selection