fixed condition

swachchhanda000 · swachchhanda000 · commit 7fc8e3903803 · 2025-02-25T07:37:39.000+05:45
diff --git a/rules/windows/process_creation/proc_creation_win_pua_adfind_enumeration.yml b/rules/windows/process_creation/proc_creation_win_pua_adfind_enumeration.yml
@@ -45,7 +45,7 @@ detection:
         CommandLine|contains: '-sc admincountdmp'
     selection_cmd_enum_exchange: # Enumerate Active Directory Exchange AD Objects
         CommandLine|contains: '-sc exchaddresses'
-    condition: selection_img and 1 of selection_cmd_*
+    condition: 1 of selection_*
 falsepositives:
     - Authorized administrative activity
 level: high
