From 884891746b5df23e07aaa6ca87af870fe4d2afbf Mon Sep 17 00:00:00 2001
From: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
Date: Fri, 2 Sep 2022 12:02:18 +0200
Subject: [PATCH] Update proc_creation_win_powershell_amsi_bypass.yml
---
 .../proc_creation_win_powershell_amsi_bypass.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rules/windows/process_creation/proc_creation_win_powershell_amsi_bypass.yml b/rules/windows/process_creation/proc_creation_win_powershell_amsi_bypass.yml
index 110404f91..3b7affa43 100644
--- a/rules/windows/process_creation/proc_creation_win_powershell_amsi_bypass.yml
+++ b/rules/windows/process_creation/proc_creation_win_powershell_amsi_bypass.yml
@@ -12,7 +12,7 @@ logsource:
 category: process_creation
 product: windows
 detection:
- selection1:
+ selection:
 CommandLine|contains:
 - 'System.Management.Automation.AmsiUtils'
 - 'amsiInitFailed'
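Review bot: The key renamed to `selection:` under `detection:` is only usable if the rule's `condition:` names the same identifier, and that line lies outside this hunk and is not touched by the commit (the diffstat shows one insertion and one deletion). If the condition still reads `selection1`, the rule would reference an undefined selection and either fail conversion or never match, which silently removes this AMSI-bypass detection; in that case it should read `condition: selection`. The `detection:` block continues past the end of the hunk, so the match cannot be confirmed from here.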