From 78ca0d324cd93c0c7aab5c64911209bb5a4e76c6 Mon Sep 17 00:00:00 2001
From: Daniel Gott <47673777+danielgottt@users.noreply.github.com>
Date: Sun, 31 Jul 2022 18:54:34 -0400
Subject: [PATCH] Update proc_creation_win_dnscmd_discovery.yml Modified selection name
---
 .../process_creation/proc_creation_win_dnscmd_discovery.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rules/windows/process_creation/proc_creation_win_dnscmd_discovery.yml b/rules/windows/process_creation/proc_creation_win_dnscmd_discovery.yml
index 99ea741c5..a6e17482a 100644
--- a/rules/windows/process_creation/proc_creation_win_dnscmd_discovery.yml
+++ b/rules/windows/process_creation/proc_creation_win_dnscmd_discovery.yml
@@ -21,7 +21,7 @@ logsource:
 detection:
 selection_dsamain:
 Image|endswith: '\dnscmd.exe'
- selection_recon1:
+ selection_1:
 CommandLine|contains:
 - '/enumrecords'
 - '/enumzones'
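Review bot: The rename to `selection_1` changes only the key, and the rule's `condition:` line lies outside this hunk. Because the commit touches a single line, a condition that names `selection_recon1` explicitly would now point at an undefined selection, and the rule could fail to convert or stop matching. Confirm that the condition uses a wildcard form such as `all of selection_*`. Separately, the neighbouring key `selection_dsamain` matches `'\dnscmd.exe'`, so names that describe the field, such as `selection_img` and `selection_cli`, would read better than a leftover tool name and a numeric suffix.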