Update rules/windows/discovery_host_public_ip_address_lookup.toml

Samirbous · w0rk3r · web-flow · commit 2b62afbed909 · 2025-09-01T15:10:51.000+01:00
Co-authored-by: Jonhnathan &lt;26856693+w0rk3r@users.noreply.github.com&gt;
diff --git a/rules/windows/discovery_host_public_ip_address_lookup.toml b/rules/windows/discovery_host_public_ip_address_lookup.toml
@@ -80,7 +80,7 @@ network where host.os.type == "windows" and dns.question.name != null and
 
   ?process.code_signature.exists == false or ?process.code_signature.trusted == false or
 
-  ?process.code_signature.subject_name in ("AUTOIT CONSULTING LTD", "AutoIt Consulting Ltd", "OpenJS Foundation", "Python Software Foundation") or
+  ?process.code_signature.subject_name : ("AutoIt Consulting Ltd", "OpenJS Foundation", "Python Software Foundation") or
 
   ?process.executable : ("?:\\Users\\*.exe", "", "?:\\ProgramData\\*.exe",  "?\\Device\\HarddiskVolume?\\Users\\*.exe",  "?\\Device\\HarddiskVolume?\\ProgramData\\*.exe")
  ) and
