From e4f24f4e1fdaa5efe642eed13a934761d308b4e7 Mon Sep 17 00:00:00 2001
From: Cedric HIEN
Date: Mon, 15 Mar 2021 11:56:19 +0100
Subject: [PATCH] Fix ProcessCommandLine field
---
 rules/windows/process_creation/win_susp_wuauclt.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/rules/windows/process_creation/win_susp_wuauclt.yml b/rules/windows/process_creation/win_susp_wuauclt.yml
index dde4a5f13..55659f9a0 100644
--- a/rules/windows/process_creation/win_susp_wuauclt.yml
+++ b/rules/windows/process_creation/win_susp_wuauclt.yml
@@ -16,7 +16,7 @@ logsource:
 service: process_creation
 detection:
 selection:
- ProcessCommandline|contains|all:
+ ProcessCommandLine|contains|all:
 - '/UpdateDeploymentProvider'
 - '/RunHandlerComServer'
 Image|endswith:
@@ -24,4 +24,4 @@ detection:
 condition: selection
 falsepositives:
 - Unknown
-level: high
\ No newline at end of file
+level: high
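Review bot: The corrected key `ProcessCommandLine|contains|all:` in the first hunk still is not the field name Sigma's process_creation taxonomy defines, which is `CommandLine`; `ProcessCommandLine` is the column name used by Microsoft Defender advanced hunting. The same selection uses `Image|endswith:`, which is the Sigma/Sysmon name, so the two keys come from different schemas, and a backend that maps only the Sigma names may pass the command-line key through unmapped and leave the rule silent. I would change the line to `CommandLine|contains|all:` so both conditions resolve through the same field mapping. The context line `service: process_creation` under `logsource:` also looks off, since process_creation is normally a `category`; the rest of the logsource block is outside the hunk, so this should be confirmed against the full file.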