From f44eb6345cfc0fdf2e03301de121eeb680d4f724 Mon Sep 17 00:00:00 2001
From: Jonhnathan
Date: Thu, 15 Oct 2020 17:53:20 -0300
Subject: [PATCH] Update win_grabbing_sensitive_hives_via_reg.yml

---
 .../process_creation/win_grabbing_sensitive_hives_via_reg.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rules/windows/process_creation/win_grabbing_sensitive_hives_via_reg.yml b/rules/windows/process_creation/win_grabbing_sensitive_hives_via_reg.yml
index c49df6bc1..a0ae78a12 100644
--- a/rules/windows/process_creation/win_grabbing_sensitive_hives_via_reg.yml
+++ b/rules/windows/process_creation/win_grabbing_sensitive_hives_via_reg.yml
@@ -19,7 +19,7 @@ logsource:
 product: windows
 detection:
 selection_1:
- Image: '*\reg.exe'
+ Image|endswith: '\reg.exe'
 CommandLine|contains:
 - 'save'
 - 'export'
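Review bot: The new `Image|endswith: '\reg.exe'` still anchors the rule solely on the on-disk file name, so a copied or renamed reg.exe produces no match even though the `save`/`export` command line is identical; the modifier change fixes the wildcard style but does not widen coverage. Where the log source populates it, an alternative selection on the PE metadata, `selection_1b:` with `OriginalFileName: 'reg.exe'`, OR'd with `selection_1` in the rule's `condition`, would catch the same activity regardless of the binary's path or name. The `condition` line and the rest of `selection_1`'s `CommandLine|contains` list continue outside this hunk, so that OR has to be wired there as well. It would also be worth a short comment in the rule noting that the match is intentionally case-insensitive under Sigma's default string handling, since the old `*` form and the new `endswith` form are equivalent only under that assumption.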