From d1b123c16a0cd39e9dfae034752df0638c3ee090 Mon Sep 17 00:00:00 2001
From: "C.J. May" <lawndoc@protonmail.com>
Date: Tue, 9 Aug 2022 17:56:28 -0500
Subject: [PATCH] removed slashes from strings

---
 .../file_event_bloodhound_collection.yml       | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/rules/windows/file_event/file_event_bloodhound_collection.yml b/rules/windows/file_event/file_event_bloodhound_collection.yml
index 5ec7fd6b1..9c0684d33 100644
--- a/rules/windows/file_event/file_event_bloodhound_collection.yml
+++ b/rules/windows/file_event/file_event_bloodhound_collection.yml
@@ -22,17 +22,17 @@ logsource:
 detection:
     selection1:
         TargetFilename|endswith: 
-            - '\_BloodHound.zip'
-            - '\_computers.json'
-            - '\_containers.json'
-            - '\_domains.json'
-            - '\_gpos.json'
-            - '\_groups.json'
-            - '\_ous.json'
-            - '\_users.json'
+            - '_BloodHound.zip'
+            - '_computers.json'
+            - '_containers.json'
+            - '_domains.json'
+            - '_gpos.json'
+            - '_groups.json'
+            - '_ous.json'
+            - '_users.json'
     selection2:
         TargetFilename|contains|all:
-            - '\BloodHound'
+            - 'BloodHound'
             - '.zip'
     condition: 1 of selection*
 falsepositives: