From db3eda51ddb1a85ab03ef4bbf49b87cb3237ff29 Mon Sep 17 00:00:00 2001
From: frack113 <62423083+frack113@users.noreply.github.com>
Date: Sun, 15 Aug 2021 08:02:51 +0200
Subject: [PATCH] fix errors

---
 rules/cloud/gcp/gcp_service_account_modified.yml | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/rules/cloud/gcp/gcp_service_account_modified.yml b/rules/cloud/gcp/gcp_service_account_modified.yml
index 172bcc7bb..5f869897c 100644
--- a/rules/cloud/gcp/gcp_service_account_modified.yml
+++ b/rules/cloud/gcp/gcp_service_account_modified.yml
@@ -10,12 +10,12 @@ logsource:
   service: gcp.audit
 detection:
     selection:
-        gcp.audit.method_name: 
-            - *.serviceAccounts.patch
-            - *.serviceAccounts.create
-            - *.serviceAccounts.update
-            - *.serviceAccounts.patch
-            - *.serviceAccounts.enable
+        gcp.audit.method_name|endswith: 
+            - .serviceAccounts.patch
+            - .serviceAccounts.create
+            - .serviceAccounts.update
+            - .serviceAccounts.disable
+            - .serviceAccounts.enable
     condition: selection
 level: medium
 tags: