From e14dedb3e339059387f8dbeef2daf9d7222f522f Mon Sep 17 00:00:00 2001
From: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
Date: Tue, 25 Oct 2022 12:33:49 +0200
Subject: [PATCH] Update image_load_side_load_dbghelp_dll.yml

---
 .../windows/image_load/image_load_side_load_dbghelp_dll.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/rules/windows/image_load/image_load_side_load_dbghelp_dll.yml b/rules/windows/image_load/image_load_side_load_dbghelp_dll.yml
index b048db50e..19256a9fe 100644
--- a/rules/windows/image_load/image_load_side_load_dbghelp_dll.yml
+++ b/rules/windows/image_load/image_load_side_load_dbghelp_dll.yml
@@ -19,13 +19,13 @@ detection:
     selection:
         ImageLoaded|endswith: '\dbghelp.dll'
     filter_generic:
-        ImageLoaded:
+        - ImageLoaded:
             - 'C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\110\dbghelp.dll'
             - 'C:\Program Files\Microsoft Analysis Services\AS OLEDB\110\dbghelp.dll'
             - 'C:\Program Files\Common Files\microsoft shared\DW\DBGHELP.DLL'
             - 'C:\Program Files\Dell\DTP\InstrumentationSubAgent\dbghelp.dll'
             - 'C:\Program Files\DTrace\dbghelp.dll'
-        ImageLoaded|startswith:
+        - ImageLoaded|startswith:
             - 'C:\Windows\System32\'
             - 'C:\Windows\SysWOW64\'
             - 'C:\Windows\WinSxS\'
@@ -38,7 +38,7 @@ detection:
             - 'C:\Program Files\Microsoft Office\Office'
             - 'C:\Program Files\Microsoft Office\Root\Office'
             - 'C:\Program Files\WindowsApps\Microsoft.WinDbg_'
-        ImageLoaded|endswith:
+        - ImageLoaded|endswith:
             - '\Epic Games\Launcher\Engine\Binaries\ThirdParty\DbgHelp\dbghelp.dll'
             - '\Epic Games\MagicLegends\x86\dbghelp.dll'
             - '\Anaconda3\Lib\site-packages\vtrace\platforms\windll\amd64\dbghelp.dll'
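Review bot: The semantic reason for the list form is not recorded in the rule — under Sigma's detection grammar the keys of a single mapping are AND'ed while list entries are OR'ed, so the old `filter_generic` could only exclude an image that satisfied all three `ImageLoaded` conditions at once, whereas the new form excludes an image matching any one of them; a maintainer reading it later has nothing telling them why it must stay a list. I would add a comment above `filter_generic:` such as `# list of mappings: each entry is an alternative exclusion (OR); folding them into one mapping would AND them and disable the filter`. The rule header (lines 1–18, outside both hunks) presumably carries a `modified:` date that should be bumped alongside a logic change of this kind — confirm it was updated. The second hunk makes the same conversion for `ImageLoaded|endswith` and is covered by the same comment.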