From 019764f83f80f0cef7d0ca608dea35dcb73dd9dd Mon Sep 17 00:00:00 2001
From: Austin Songer <austin@songer.pro>
Date: Thu, 22 Jul 2021 21:40:05 -0500
Subject: [PATCH] Update aws_route_53_domain_transferred_to_another_account.yml

---
 ...aws_route_53_domain_transferred_to_another_account.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/rules/cloud/aws_route_53_domain_transferred_to_another_account.yml b/rules/cloud/aws_route_53_domain_transferred_to_another_account.yml
index 8fb1ff59c..9dd6a0f3f 100644
--- a/rules/cloud/aws_route_53_domain_transferred_to_another_account.yml
+++ b/rules/cloud/aws_route_53_domain_transferred_to_another_account.yml
@@ -1,5 +1,5 @@
-title: "AWS Route 53 Domain Transferred to Another Account"
-description: "Identifies when a request has been made to transfer a Route 53 domain to another AWS account."
+title: AWS Route 53 Domain Transferred to Another Account
+description: Identifies when a request has been made to transfer a Route 53 domain to another AWS account.
 author: Elastic, Austin Songer
 status: experimental
 date: 2021/07/22
@@ -15,8 +15,8 @@ detection:
     condition: all of them
 tags:
     - attack.persistence
-	- attack.credential_access
-	- attack.t1098
+    - attack.credential_access
+    - attack.t1098
 falsepositives:
 - A domain may be transferred to another AWS account by a system or network administrator. Verify whether the user identity, user agent, and/or hostname should be making changes in your environment. Domain transfers from unfamiliar users or hosts should be investigated. If known behavior is causing false positives, it can be exempted from the rule.
 level: low