Update proc_creation_win_driverquery_usage.yml

SigmaHQ · Sep 29, 2023 · db1e228 · db1e228
1 parent f4dea12
commit db1e228
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/rules/windows/process_creation/proc_creation_win_driverquery_usage.yml b/rules/windows/process_creation/proc_creation_win_driverquery_usage.yml
@@ -18,7 +18,7 @@ logsource:
     category: process_creation
     product: windows
 detection:
-    selection_img:
+    selection:
         - Image|endswith: 'driverquery.exe'
         - OriginalFileName: 'drvqry.exe'
     filter_main_other: # These are covered in 9fc3072c-dc8f-4bf7-b231-18950000fadd to avoid duplicate alerting