fix invalid case SamAccountName

2024-11-07 01:45:21 +00:00 · 2021-07-06 15:43:07 +02:00 · 2021-07-06 15:43:07 +02:00 · 9cf1d3d5f3
commit 9cf1d3d5f3
parent bcf2bf2e4d
1 changed files with 2 additions and 2 deletions
--- a/rules/windows/builtin/win_susp_local_anon_logon_created.yml
+++ b/rules/windows/builtin/win_susp_local_anon_logon_created.yml
@ -6,7 +6,7 @@ references:
    - https://twitter.com/SBousseaden/status/1189469425482829824
 author: James Pemberton / @4A616D6573
 date: 2019/10/31
-modified: 2020/08/23
+modified: 2021/07/06
 tags:
    - attack.persistence
    - attack.t1136          # an old one
@ -18,7 +18,7 @@ logsource:
 detection:
    selection:
        EventID: 4720
-        SAMAccountName|contains|all: 
+        SamAccountName|contains|all: 
            - 'ANONYMOUS'
            - 'LOGON'
    condition: selection