From aa2e86963c1870fe583d5c91ef8973ed0096d9b3 Mon Sep 17 00:00:00 2001
From: phantinuss
Date: Fri, 3 Sep 2021 13:21:29 +0200
Subject: [PATCH] fix: rename filter
---
 rules/windows/registry_event/sysmon_uac_bypass_shell_open.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/rules/windows/registry_event/sysmon_uac_bypass_shell_open.yml b/rules/windows/registry_event/sysmon_uac_bypass_shell_open.yml
index 944695928..032e1146f 100644
--- a/rules/windows/registry_event/sysmon_uac_bypass_shell_open.yml
+++ b/rules/windows/registry_event/sysmon_uac_bypass_shell_open.yml
@@ -25,9 +25,9 @@ detection:
 TargetObject|endswith:
 - '_Classes\ms-settings\shell\open\command\(Default)'
 - '_Classes\exefile\shell\open\command\(Default)'
- filter:
+ filter_sel3:
 Details: '(Empty)'
- condition: selection1 or selection2 or (selection3 and not filter)
+ condition: selection1 or selection2 or (selection3 and not filter_sel3)
 falsepositives:
 - Unknown
 level: high