From 90d20094acbb91ec504674e640dbcecf416ee56e Mon Sep 17 00:00:00 2001
From: Jonhnathan <jonhnathancesar@gmail.com>
Date: Thu, 15 Oct 2020 19:34:00 -0300
Subject: [PATCH] Update win_susp_ping_hex_ip.yml

---
 rules/windows/process_creation/win_susp_ping_hex_ip.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/rules/windows/process_creation/win_susp_ping_hex_ip.yml b/rules/windows/process_creation/win_susp_ping_hex_ip.yml
index 966ccfbfd..204c2b0ac 100644
--- a/rules/windows/process_creation/win_susp_ping_hex_ip.yml
+++ b/rules/windows/process_creation/win_susp_ping_hex_ip.yml
@@ -15,9 +15,9 @@ logsource:
     product: windows
 detection:
     selection:
-        CommandLine:
-            - '*\ping.exe 0x*'
-            - '*\ping 0x*'
+        CommandLine|contains:
+            - '\ping.exe 0x'
+            - '\ping 0x'
     condition: selection
 fields:
     - ParentCommandLine