From bdca2febe930cfb882a999a5aa34a23e18b8ee69 Mon Sep 17 00:00:00 2001
From: Jonhnathan
Date: Thu, 15 Oct 2020 20:02:58 -0300
Subject: [PATCH] Update sysmon_dhcp_calloutdll.yml
---
 rules/windows/registry_event/sysmon_dhcp_calloutdll.yml | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/rules/windows/registry_event/sysmon_dhcp_calloutdll.yml b/rules/windows/registry_event/sysmon_dhcp_calloutdll.yml
index c2cff4812..d8b7daf7c 100755
--- a/rules/windows/registry_event/sysmon_dhcp_calloutdll.yml
+++ b/rules/windows/registry_event/sysmon_dhcp_calloutdll.yml
@@ -19,10 +19,9 @@ logsource:
 product: windows
 detection:
 selection:
-
- TargetObject:
- - '*\Services\DHCPServer\Parameters\CalloutDlls'
- - '*\Services\DHCPServer\Parameters\CalloutEnabled'
+ TargetObject|endswith:
+ - '\Services\DHCPServer\Parameters\CalloutDlls'
+ - '\Services\DHCPServer\Parameters\CalloutEnabled'
 condition: selection
 falsepositives:
 - unknown
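Review bot: The `selection` still keys on `TargetObject` alone, so any registry event on these two values matches. A callout DLL being registered, the value being deleted, and `CalloutEnabled` being switched off all produce the same alert. If only registration should fire, add `EventType: SetValue` next to `TargetObject|endswith`. If removals are meant to alert too, record that with a comment above the selection such as `# matches set and delete events on purpose`. The `|endswith` form is equivalent to the old leading-wildcard patterns and still covers the numbered control sets as well as `CurrentControlSet`. The `logsource` block starts above the hunk, so the event category is inferred from the file path rather than read from the rule.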