title: Testrule
logsource:
    category: process_creation
    product: windows
detection:
    selection:
        CommandLine|windash|contains|all:
            - -foo-1 -bar-2 -bla-3
            - -foo-bar
    condition: selection