From 25d978d9bd6a4c1af64bec624c36621b9ccab796 Mon Sep 17 00:00:00 2001
From: Ryan Plas
Date: Sat, 11 Jul 2020 22:17:06 -0400
Subject: [PATCH] Update powershell_shellcode_b64.yml logsource to use the correct Sigma schema values
---
 rules/windows/powershell/powershell_shellcode_b64.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rules/windows/powershell/powershell_shellcode_b64.yml b/rules/windows/powershell/powershell_shellcode_b64.yml
index fabff88ac..15c7fc9ec 100644
--- a/rules/windows/powershell/powershell_shellcode_b64.yml
+++ b/rules/windows/powershell/powershell_shellcode_b64.yml
@@ -15,7 +15,7 @@ date: 2018/11/17
 logsource:
 product: windows
 service: powershell
- description: 'Script block logging must be enabled'
+ definition: 'Script block logging must be enabled'
 detection:
 selection:
 EventID: 4104
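Review bot: The `definition` text on the changed line under `logsource` names the prerequisite but not how to meet it, so someone deploying the rule cannot tell from the rule alone which setting to check when it never fires. Consider naming the policy and the channel, for example `definition: 'Script block logging must be enabled (policy "Turn on PowerShell Script Block Logging"); events are written to Microsoft-Windows-PowerShell/Operational'`. Without that policy, PowerShell 5 and later records EventID 4104 only for script blocks its built-in heuristics flag as suspicious, so coverage would be partial rather than absent. The `detection` block continues beyond this hunk, so the rest of the selection is not reviewed here.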