From 0de95e355a41bfb2c8d96f77d7754a66f97cc302 Mon Sep 17 00:00:00 2001 From: Austin Songer Date: Mon, 6 Sep 2021 11:31:52 -0500 Subject: [PATCH] Update azure_federation_modified.yml --- rules/cloud/azure/azure_federation_modified.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rules/cloud/azure/azure_federation_modified.yml b/rules/cloud/azure/azure_federation_modified.yml index f5b0eee44..bc627c97b 100644 --- a/rules/cloud/azure/azure_federation_modified.yml +++ b/rules/cloud/azure/azure_federation_modified.yml @@ -5,7 +5,7 @@ author: Austin Songer status: experimental date: 2021/09/06 references: - - https://attack.mitre.org/techniques/T1078/ + - https://attack.mitre.org/techniques/T1078 logsource: service: azure.signinlogs detection: @@ -20,4 +20,4 @@ falsepositives: - Federation Settings being modified or deleted may be performed by a system administrator. - Verify whether the user identity, user agent, and/or hostname should be making changes in your environment. - Federation Settings modified from unfamiliar users should be investigated. If known behavior is causing false positives, it can be exempted from the rule. - +
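Review bot: In the first hunk (the `references:` entry), removing the trailing slash from `https://attack.mitre.org/techniques/T1078/` is a cosmetic change, and the subject line "Update azure_federation_modified.yml" does not say why it is made; state the convention being followed in the commit message. While this region is open, please also confirm the context line `service: azure.signinlogs`: the false-positive text further down describes federation settings being modified or deleted, which is a configuration change rather than a sign-in, so it is worth checking that the sign-in log source actually carries the events this rule matches.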
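Review bot: In the second hunk (end of file, after the `falsepositives:` list), the only change is one blank line removed and one blank line added, so this part of the patch appears to be whitespace-only and the file still ends on an empty line; end the file with a single newline directly after the last list entry instead. As a style point on the same list, the entries beginning "Verify whether the user identity..." and "Federation Settings modified from unfamiliar users should be investigated" are triage guidance rather than false-positive conditions and would fit better in the rule's description.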