From 8ec0060938e47e379ed10650205d69847902d8dc Mon Sep 17 00:00:00 2001
From: Florian Roth
Date: Thu, 30 Jan 2020 10:09:22 +0100
Subject: [PATCH] fix: fixing bug
---
 rules/windows/builtin/win_rdp_reverse_tunnel.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/rules/windows/builtin/win_rdp_reverse_tunnel.yml b/rules/windows/builtin/win_rdp_reverse_tunnel.yml
index ce26c94b1..97e89f9dd 100644
--- a/rules/windows/builtin/win_rdp_reverse_tunnel.yml
+++ b/rules/windows/builtin/win_rdp_reverse_tunnel.yml
@@ -18,13 +18,13 @@ detection:
 selection:
 EventID: 5156
 sourceRDP:
+ SourcePort: 3389
 DestinationAddress:
- SourcePort: 3389
 - '127.*'
 - '::1'
 destinationRDP:
+ DesinationPort: 3389
 SourceAddress:
- DesinationPort: 3389
 - '127.*'
 - '::1'
 condition: selection and ( sourceRDP or destinationRDP )
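Review bot: The key `DesinationPort` under `destinationRDP` is misspelled (the first "t" of "Destination" is missing), and the commit carries the typo over to the key's new position. Unless the log pipeline really emits a field with that spelling, the `destinationRDP` selection can never match, so the rule would silently cover only the `sourceRDP` half of `condition`. It should read `DestinationPort: 3389`, consistent with `DestinationAddress` a few lines above. It is also worth confirming all four field names against what the backend mapping produces for EventID 5156, since the raw Windows event names its destination fields `DestAddress` and `DestPort`. The `detection:` block starts before this hunk, so the rest of the rule was not visible for review.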