From db62085f7712db53742dfe8da3ee0b595bb8a7cf Mon Sep 17 00:00:00 2001
From: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
Date: Thu, 16 Mar 2023 19:18:36 +0100
Subject: [PATCH] fix: ip regex
---
 .../proc_creation_win_rundll32_webdav_client_susp_execution.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rules/windows/process_creation/proc_creation_win_rundll32_webdav_client_susp_execution.yml b/rules/windows/process_creation/proc_creation_win_rundll32_webdav_client_susp_execution.yml
index 51cd22710..75fa07955 100644
--- a/rules/windows/process_creation/proc_creation_win_rundll32_webdav_client_susp_execution.yml
+++ b/rules/windows/process_creation/proc_creation_win_rundll32_webdav_client_susp_execution.yml
@@ -23,7 +23,7 @@ detection:
 CommandLine|contains:
 - 'C:\windows\system32\davclnt.dll,DavSetCookie'
 - '://'
- CommandLine|re: '\d{1-3}\.\d{1-3}.\d{1-3}'
+ CommandLine|re: '\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}'
 filter_local_ips:
 CommandLine|contains:
 - '://10.' #10.0.0.0/8
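Review bot: The corrected `CommandLine|re` pattern is unanchored, so it matches a dotted quad anywhere in the command line, while `filter_local_ips` only excludes addresses that directly follow `://`. A URL with a hostname plus an unrelated dotted-quad string elsewhere (a path segment or version-like token) would still satisfy the selection, and a private address that appears outside the URL is not filtered. Tying the pattern to the scheme separator keeps both sides consistent: `CommandLine|re: '://\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}'`. Separately, the `CommandLine|contains:` list just above has no `|all` modifier, which in Sigma means either string is enough; if both the `davclnt.dll,DavSetCookie` string and `://` are meant to be required, it should be `CommandLine|contains|all:`. The selection starts above the hunk, so other conditions may already narrow this and should be checked.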