From a8472bf4df92c7b55fde896636d7fa230eeb7d00 Mon Sep 17 00:00:00 2001
From: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
Date: Fri, 9 Dec 2022 19:13:59 +0100
Subject: [PATCH] fix: add missing selection

---
 .../registry/registry_set/registry_set_dot_net_etw_tamper.yml   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rules/windows/registry/registry_set/registry_set_dot_net_etw_tamper.yml b/rules/windows/registry/registry_set/registry_set_dot_net_etw_tamper.yml
index 4e888c2de..3a670b85e 100644
--- a/rules/windows/registry/registry_set/registry_set_dot_net_etw_tamper.yml
+++ b/rules/windows/registry/registry_set/registry_set_dot_net_etw_tamper.yml
@@ -38,7 +38,7 @@ detection:
             - '\COMPlus_ETWEnabled'
             - '\COMPlus_ETWFlags'
         Details: 0
-    condition: selection
+    condition: 1 of selection_*
 falsepositives:
     - Unknown
 level: high