From ee80e6bc1eb5d96af9768332229197e1cf76682c Mon Sep 17 00:00:00 2001
From: DustInDark
Date: Sat, 18 Dec 2021 11:06:08 +0900
Subject: [PATCH] Hotfix/regex filename replace lack#296 (#297)
* fixed lacked replacement #286
* fixed typo #296
---
 ...tySystemProcess-WindowsService_MaliciousServiceInstalled.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rules/hayabusa/alerts/System/7045_CreateOrModiftySystemProcess-WindowsService_MaliciousServiceInstalled.yml b/rules/hayabusa/alerts/System/7045_CreateOrModiftySystemProcess-WindowsService_MaliciousServiceInstalled.yml
index a249f246..4dbbdbd5 100644
--- a/rules/hayabusa/alerts/System/7045_CreateOrModiftySystemProcess-WindowsService_MaliciousServiceInstalled.yml
+++ b/rules/hayabusa/alerts/System/7045_CreateOrModiftySystemProcess-WindowsService_MaliciousServiceInstalled.yml
@@ -20,7 +20,7 @@ detection:
 regexes: ./config/regex/detectlist_suspicous_services.txt
 ImagePath:
 min_length: 1000
- allowlist: .allowlist_legitimate_services.txt
+ allowlist: ./config/regex/allowlist_legitimate_services.txt
 condition: selection
 falsepositives:
 - normal system usage
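Review bot: The corrected `allowlist:` value and the `regexes:` value two lines above it are both `./config/...` paths, and nothing in the hunk says what they resolve against; presumably it is the directory the tool is launched from, not the rule file's location. The old value `.allowlist_legitimate_services.txt` apparently did not resolve (the commit title calls it a missed replacement), and the hunk does not show how an unreadable list file is handled. If it is read as an empty list, the allowlist silently stops suppressing legitimate services, and an unreadable `regexes:` file would silently weaken the match instead of failing. I would add a comment above the changed line, `# path is relative to the hayabusa working directory; the file must exist`, and have rule loading or CI reject any rule whose `regexes:` or `allowlist:` file cannot be opened. The `detection:` block starts outside the hunk, so the fields these keys apply to are only partly visible.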