From 60bc5253cf7e167194f36116a2e6b10faaa94125 Mon Sep 17 00:00:00 2001
From: Sarkis Nanyan
Date: Wed, 29 May 2019 15:43:44 +0300
Subject: [PATCH] win_disable_event_logging.yml: typo in audit policy name;

---
 rules/windows/builtin/win_disable_event_logging.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rules/windows/builtin/win_disable_event_logging.yml b/rules/windows/builtin/win_disable_event_logging.yml
index fbda6b0c1..74ddd76a7 100644
--- a/rules/windows/builtin/win_disable_event_logging.yml
+++ b/rules/windows/builtin/win_disable_event_logging.yml
@@ -14,7 +14,7 @@ author: '@neu5ron'
 logsource:
 product: windows
 service: security
- definition: 'Requirements: Audit Policy : Computer Management > Audit Policy Configuration, Group Policy : Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\Policy Change\Audit Audit Policy Change'
+ definition: 'Requirements: Audit Policy : Computer Management > Audit Policy Configuration, Group Policy : Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\Policy Change\Audit Authorization Policy Change'
 detection:
 selection:
 EventID: 4719
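Review bot: The new `definition` text names the wrong audit subcategory for the event this rule selects on. Event ID 4719 (system audit policy was changed) is emitted by the Policy Change subcategory whose actual name is "Audit Audit Policy Change"; the doubled word is not a typo, and "Audit Authorization Policy Change" is a separate subcategory covering user-rights changes such as 4704/4705. Anyone who enables auditing by following the new requirement text would turn on a subcategory that does not produce 4719, so the rule would stay silent when audit policy is tampered with. Keep the path ending `\Policy Change\Audit Audit Policy Change` and add a comment above the field such as `# "Audit Audit Policy Change" is the real subcategory name, not a duplicated word` so the line is not "corrected" again. The rule's `detection` block continues outside the hunk.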