From 18955ff2701bd7908418cfd264b0fcd87a641fe7 Mon Sep 17 00:00:00 2001 From: art-labs <60758087+art-labs@users.noreply.github.com> Date: Mon, 6 Nov 2023 19:33:38 -0500 Subject: [PATCH] fix link (#2593) --- atomics/T1654/T1654.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/atomics/T1654/T1654.yaml b/atomics/T1654/T1654.yaml index 6d4165f7..df2e6d77 100644 --- a/atomics/T1654/T1654.yaml +++ b/atomics/T1654/T1654.yaml @@ -6,7 +6,7 @@ atomic_tests: description: |- Uses the built-in PowerShell commandlet Get-EventLog to search for 'SYSTEM' keyword and saves results to a text file. - This technique was observed in a (TheDFIRReport case)[https://thedfirreport.com/2023/04/03/malicious-iso-file-leads-to-domain-wide-ransomware/] + This technique was observed in a [TheDFIRReport case](https://thedfirreport.com/2023/04/03/malicious-iso-file-leads-to-domain-wide-ransomware/) where the threat actor enumerated the Windows Security audit log to determine user accounts and associated IPv4 addresses. Successful execution will save matching log events to the users temp folder.
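Review bot: the description text around the corrected link in atomics/T1654/T1654.yaml still has wording problems that could be fixed in the same pass: "commandlet" in the first context line should be "cmdlet", and "the users temp folder" in the last context line should read "the user's temp folder". The description also never names the event log that Get-EventLog is run against. Its first sentence mentions only the 'SYSTEM' keyword, while the referenced case is about the Windows Security audit log, so stating which log the test queries would make the expected output clearer. The link on the changed line now uses the [text](url) form and needs no further change.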