From 9eedeabda9e26b8ef478b176bc6edef41df59f38 Mon Sep 17 00:00:00 2001
From: Jonhnathan
Date: Thu, 15 Oct 2020 16:01:24 -0300
Subject: [PATCH] Update sysmon_quarkspw_filedump.yml

---
 rules/windows/file_event/sysmon_quarkspw_filedump.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rules/windows/file_event/sysmon_quarkspw_filedump.yml b/rules/windows/file_event/sysmon_quarkspw_filedump.yml
index 2a582eaa3..fb8c03e24 100755
--- a/rules/windows/file_event/sysmon_quarkspw_filedump.yml
+++ b/rules/windows/file_event/sysmon_quarkspw_filedump.yml
@@ -18,7 +18,7 @@ logsource:
 detection:
 selection:
 # Sysmon: File Creation (ID 11)
- TargetFilename: '*\AppData\Local\Temp\SAM-*.dmp*'
+ TargetFilename|contains: '\AppData\Local\Temp\SAM-*.dmp'
 condition: selection
 falsepositives:
 - Unknown
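Review bot: The new `TargetFilename|contains` value still carries an embedded `*` between `SAM-` and `.dmp`; Sigma treats that as a wildcard even under `|contains`, but it is easy to misread as a literal character, so a comment on the line would help, e.g. `# inner * is a wildcard: any suffix between SAM- and .dmp`. The leading and trailing `*` of the old value are now implied by the modifier, so the match set appears unchanged. Matching remains pinned to the `\AppData\Local\Temp\` fragment, so this change does not alter the rule's coverage; if broader coverage is wanted that is a separate decision. The rule's header fields (title, logsource, level) are outside the hunk.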