diff --git a/rules/windows/process_access/sysmon_lsass_memdump.yml b/rules/windows/process_access/sysmon_lsass_memdump.yml
index 778afd9bc..ea72d46cc 100755
--- a/rules/windows/process_access/sysmon_lsass_memdump.yml
+++ b/rules/windows/process_access/sysmon_lsass_memdump.yml
@@ -19,9 +19,9 @@ detection:
     selection:
         TargetImage: 'C:\windows\system32\lsass.exe'
         GrantedAccess: '0x1fffff'
-        CallTrace:
-            - '*dbghelp.dll*'
-            - '*dbgcore.dll*'
+        CallTrace|contains:
+            - 'dbghelp.dll'
+            - 'dbgcore.dll'
     condition: selection
 falsepositives:
     - unknown
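Review bot: The new `CallTrace|contains` list has no comment explaining why these two modules are the signal or that the two entries are alternatives, and a reader may assume both must appear; in Sigma a list under one field is OR-ed, so either module anywhere in the call stack satisfies the selection, which matches the previous `*...*` wildcards. Suggest a comment directly above the field, `# MiniDumpWriteDump is exported by dbghelp.dll and dbgcore.dll; either module in the call stack is enough (list entries are OR-ed)`. Note that the selection still pins `GrantedAccess` to the exact string `'0x1fffff'` (unchanged context line), so the looser `contains` on CallTrace does not widen coverage to dumps that request a narrower access mask; if that restriction is intentional it is worth stating in the rule's description so tuning does not silently loosen it later. The enclosing `detection:` block begins before this hunk.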