From 250d6c0dd0247c4fc564958eeb7e63df912daac1 Mon Sep 17 00:00:00 2001
From: phantinuss <79651203+phantinuss@users.noreply.github.com>
Date: Tue, 25 Jul 2023 10:17:30 +0200
Subject: [PATCH] fix: selection to use all strings

---
 .../proc_creation_win_net_use_mount_internet_share.yml         | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/rules/windows/process_creation/proc_creation_win_net_use_mount_internet_share.yml b/rules/windows/process_creation/proc_creation_win_net_use_mount_internet_share.yml
index fcd01b86680..75aa985a568 100644
--- a/rules/windows/process_creation/proc_creation_win_net_use_mount_internet_share.yml
+++ b/rules/windows/process_creation/proc_creation_win_net_use_mount_internet_share.yml
@@ -6,6 +6,7 @@ references:
     - https://drive.google.com/file/d/1lKya3_mLnR3UQuCoiYruO3qgu052_iS_/view
 author: Nasreddine Bencherchali (Nextron Systems)
 date: 2023/02/21
+modified: 2023/07/25
 tags:
     - attack.lateral_movement
     - attack.t1021.002
@@ -21,7 +22,7 @@ detection:
             - 'net.exe'
             - 'net1.exe'
     selection_cli:
-        CommandLine|contains:
+        CommandLine|contains|all:
             - ' use '
             - ' http'
     condition: all of selection_*