From e1d3e2458fd66deb245d3367cabe42913e7a7fe4 Mon Sep 17 00:00:00 2001
From: Yamato Security <71482215+YamatoSecurity@users.noreply.github.com>
Date: Thu, 21 Dec 2023 06:59:33 +0900
Subject: [PATCH] fix broken pipe typo
---
 config/default_details.txt | 4 ++--
 hayabusa/sysmon/Sysmon_13_RegKeyValueSet_RuleAlert.yml | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/config/default_details.txt b/config/default_details.txt
index 116a97c2f..b9c15ec4f 100644
--- a/config/default_details.txt
+++ b/config/default_details.txt
@@ -60,8 +60,8 @@ Microsoft-Windows-Sysmon, 9, Proc: %Image% ¦ Device: %Device% ¦ PID: %ProcessI
 Microsoft-Windows-Sysmon, 10, SrcProc: %SourceImage% ¦ TgtProc: %TargetImage% ¦ SrcUser: %SourceUser% ¦ TgtUser: %TargetUser% ¦ Access: %GrantedAccess% ¦ SrcPID: %SourceProcessId% ¦ SrcPGUID: %SourceProcessGUID% ¦ TgtPID: %TargetProcessId% ¦ TgtPGUID: %TargetProcessGUID%
 Microsoft-Windows-Sysmon, 11, Path: %TargetFilename% ¦ Proc: %Image% ¦ PID: %ProcessId% ¦ PGUID: %ProcessGuid%
 Microsoft-Windows-Sysmon, 12, EventType: %EventType% ¦ TgtObj: %TargetObject% ¦ Proc: %Image% ¦ PID: %ProcessId% ¦ PGUID: %ProcessGuid%
-Microsoft-Windows-Sysmon, 13, EventType: %EventType% ¦ TgtObj: %TargetObject%: %Details% ¦ Proc: %Image% ¦ PID: %ProcessId% ¦ PGUID: %ProcessGuid%
-Microsoft-Windows-Sysmon, 14, EventType: %EventType% ¦ TgtObj: %TargetObject%: %Details% ¦ Proc: %Image% ¦ PID: %ProcessId% ¦ PGUID: %ProcessGuid%
+Microsoft-Windows-Sysmon, 13, EventType: %EventType% ¦ TgtObj: %TargetObject% ¦ %Details% ¦ Proc: %Image% ¦ PID: %ProcessId% ¦ PGUID: %ProcessGuid%
+Microsoft-Windows-Sysmon, 14, EventType: %EventType% ¦ TgtObj: %TargetObject% ¦ %Details% ¦ Proc: %Image% ¦ PID: %ProcessId% ¦ PGUID: %ProcessGuid%
 Microsoft-Windows-Sysmon, 15, Path: %TargetFilename% ¦ Proc: %Image% ¦ PID: %ProcessId% ¦ PGUID: %ProcessGuid% ¦ Hash: %Hash%
 Microsoft-Windows-Sysmon, 16, Config: %Configuration%
 Microsoft-Windows-Sysmon, 17, Pipe: %PipeName% ¦ Proc: %Image% ¦ PID: %ProcessId% ¦ PGUID: %ProcessGuid%
diff --git a/hayabusa/sysmon/Sysmon_13_RegKeyValueSet_RuleAlert.yml b/hayabusa/sysmon/Sysmon_13_RegKeyValueSet_RuleAlert.yml
index 290f35818..0cd223a08 100644
--- a/hayabusa/sysmon/Sysmon_13_RegKeyValueSet_RuleAlert.yml
+++ b/hayabusa/sysmon/Sysmon_13_RegKeyValueSet_RuleAlert.yml
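Review bot: The new event-13 and event-14 rows leave `%Details%` as the only field in the file without a `Label: %Field%` prefix, so in rendered output the registry value that was written sits as a bare token between `TgtObj:` and `Proc:`, and an analyst scanning a timeline cannot tell at a glance which column it belongs to. Every neighbouring row on this hunk labels its fields (`Pipe: %PipeName%`, `Hash: %Hash%`, `Config: %Configuration%`), so `TgtObj: %TargetObject% ¦ Details: %Details% ¦ Proc: %Image%` would keep the separator fix and the convention. The same unlabeled `¦ %Details% ¦` appears in the `details:` line of hayabusa/sysmon/Sysmon_13_RegKeyValueSet_RuleAlert.yml in the next hunk. If the label was dropped on purpose to keep the row short, that is worth a sentence in the commit description, since the diff reads as a separator fix only.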
@@ -6,7 +6,7 @@ title: 'Reg Key Value Set (Sysmon Alert)'
 description: |
 This Registry event type identifies Registry value modifications. The event records the value written for Registry values of type DWORD and QWORD.
-details: 'Rule: %RuleName% ¦ EventType: %EventType% ¦ TgtObj: %TargetObject%: %Details% ¦ Proc: %Image% ¦ PID: %ProcessId% ¦ PGUID: %ProcessGuid%'
+details: 'Rule: %RuleName% ¦ EventType: %EventType% ¦ TgtObj: %TargetObject% ¦ %Details% ¦ Proc: %Image% ¦ PID: %ProcessId% ¦ PGUID: %ProcessGuid%'
 id: 78431930-a5c6-46ae-b02c-fcdc2a7325c2
 level: medium