From 56ffa9ec0edb454d43dacfdee535e1efad2e2e2b Mon Sep 17 00:00:00 2001
From: Antonlovesdnb
Date: Wed, 19 Feb 2020 14:50:09 -0500
Subject: [PATCH] Update sysmon_registry_trust_record_modification.yml
---
 .../sysmon/sysmon_registry_trust_record_modification.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/rules/windows/sysmon/sysmon_registry_trust_record_modification.yml b/rules/windows/sysmon/sysmon_registry_trust_record_modification.yml
index e01ed0d83..1d9dd6902 100644
--- a/rules/windows/sysmon/sysmon_registry_trust_record_modification.yml
+++ b/rules/windows/sysmon/sysmon_registry_trust_record_modification.yml
@@ -6,10 +6,10 @@ references:
 - https://outflank.nl/blog/2018/01/16/hunting-for-evil-detect-macros-being-executed/
 - http://az4n6.blogspot.com/2016/02/more-on-trust-records-macros-and.html
 author: Antonlovesdnb
-date: 2020/2/19
-modified: 2020/2/19
+date: 2020/02/19
+modified: 2020/02/19
 tags:
- - attack.initial.access
+ - attack.initial_access
 - attack.t1193
 logsource:
 product: windows
@@ -21,4 +21,4 @@ detection:
 condition: selection
 falsepositives:
 - Alerts on legitimate macro usage as well, will need to filter as appropriate
-level: medium
\ No newline at end of file
+level: medium