From f6e7fc446ff0b9a41507ca671f29462b8f3a68da Mon Sep 17 00:00:00 2001
From: Jonhnathan <jonhnathancesar@gmail.com>
Date: Tue, 13 Jul 2021 11:21:12 -0300
Subject: [PATCH] Remove Wildcard

---
 tools/sigma/backends/ala.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/sigma/backends/ala.py b/tools/sigma/backends/ala.py
index f70a9dbf1..c053004ee 100644
--- a/tools/sigma/backends/ala.py
+++ b/tools/sigma/backends/ala.py
@@ -124,7 +124,7 @@ class AzureLogAnalyticsBackend(SingleTextQueryBackend):
                 elif val.endswith("*"):
                     op = "startswith"
                 val = re.sub('([".^$]|(?![*?]))', '\g<1>', val)
-                val = re.sub('(\\\\\*|\*)', '.*', val)
+                val = re.sub('(\\\\\*|\*)', '', val)
                 val = re.sub('\\?', '.', val)
                 if "\\" in val:
                     return "%s @'%s'" % (op, self.cleanValue(val))