missed one

2021-02-01 12:36:51 -08:00 · 2021-02-01 12:36:51 -08:00 · f96b912bf4
--- a/Queries/MultipleDataSources/FireEyeRedTeamComms.yaml
+++ b/Queries/MultipleDataSources/FireEyeRedTeamComms.yaml
@ -22,7 +22,7 @@ query: |
  | where TimeGenerated > ago(lookback)
  | where RequestMethod == "GET"
  | where RequestURL contains "&parent_request_id="
-  | where RequestURL matches regex @"&parent_request_id=(?:[A-Za-z0-9_\/\+\-\%]{128,1000})={0,2}[^\r\n]{0,256}"
+  | where RequestURL matches regex @"&parent_request_id=(?:[A-Za-z0-9_\/\+\-\%]{128,1000})={0,2}[^\r\n]{0,256}"
  | extend Quality = "high"
  | extend RuleName = "Backdoor.HTTP.BEACON.[Yelp GET]"
  | project TimeGenerated, Quality, RuleName, DeviceVendor, DeviceProduct, TenantId, SourceIP, DestinationIP, DestinationHostName, RequestMethod, RequestURL;