From a46b20b78cbbfc64b575423151ca4d5045cb72d4 Mon Sep 17 00:00:00 2001
From: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
Date: Thu, 21 Jul 2022 14:42:54 +0100
Subject: [PATCH] Update proc_creation_lnx_cve_2022_33891_spark_shell_command_injection.yml
---
 ...ation_lnx_cve_2022_33891_spark_shell_command_injection.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/rules/linux/process_creation/proc_creation_lnx_cve_2022_33891_spark_shell_command_injection.yml b/rules/linux/process_creation/proc_creation_lnx_cve_2022_33891_spark_shell_command_injection.yml
index 7cbc58067..0eb36bf78 100644
--- a/rules/linux/process_creation/proc_creation_lnx_cve_2022_33891_spark_shell_command_injection.yml
+++ b/rules/linux/process_creation/proc_creation_lnx_cve_2022_33891_spark_shell_command_injection.yml
@@ -14,7 +14,9 @@ logsource:
 detection:
 selection:
 ParentImage|endswith: '\bash'
- CommandLine|contains: 'id -Gn `'
+ CommandLine|contains:
+ - 'id -Gn `'
+ - "id -Gn '"
 condition: selection
 falsepositives:
 - Unlikely
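Review bot: The two `CommandLine|contains` values added here are still ANDed with `ParentImage|endswith: '\bash'` in the same `selection`, and a Linux image path such as `/usr/bin/bash` does not end with a backslash-separated name. As written the selection looks unable to match Linux process-creation events, so the new single-quote variant would not fire either; consider `ParentImage|endswith: '/bash'` on that line. A short comment above the list, e.g. `# username wrapped in a backtick or a single quote right after 'id -Gn '`, would record why both forms are listed. The rule's title, logsource and level lie outside this hunk, so the field mapping for the target log source could not be checked here.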