From d38195ea31a002cee4c32ea5c19bb082779d0482 Mon Sep 17 00:00:00 2001
From: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
Date: Thu, 29 Dec 2022 11:32:37 +0100
Subject: [PATCH] fix: remove folder start

---
 .../proc_creation_macos_system_network_discovery.yml            | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rules/macos/process_creation/proc_creation_macos_system_network_discovery.yml b/rules/macos/process_creation/proc_creation_macos_system_network_discovery.yml
index 6f37c4a0e..32242df97 100644
--- a/rules/macos/process_creation/proc_creation_macos_system_network_discovery.yml
+++ b/rules/macos/process_creation/proc_creation_macos_system_network_discovery.yml
@@ -18,7 +18,7 @@ detection:
         Image|endswith:
             - '/netstat'
             - '/ifconfig'
-            - '/usr/libexec/ApplicationFirewall/socketfilterfw'
+            - '/socketfilterfw'
             - '/networksetup'
             - '/arp'
     selection2: