From 91cc97d0996552b25fca2abc38fb1e27cccf1a50 Mon Sep 17 00:00:00 2001
From: Bhabesh Rai
Date: Thu, 24 Jun 2021 21:07:52 +0545
Subject: [PATCH] Fixed the taxonomy
---
 .../zeek/zeek_default_cobalt_strike_certificate.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/rules/network/zeek/zeek_default_cobalt_strike_certificate.yml b/rules/network/zeek/zeek_default_cobalt_strike_certificate.yml
index 513e00888..6dad3ef82 100644
--- a/rules/network/zeek/zeek_default_cobalt_strike_certificate.yml
+++ b/rules/network/zeek/zeek_default_cobalt_strike_certificate.yml
@@ -13,12 +13,12 @@ logsource:
 service: x509
 detection:
 selection:
- certificate_serial: 8bb00ee
+ certificate.serial: 8bb00ee
 condition: selection
 fields:
- - san_dns
- - certificate_subject
- - certificate_issuer
+ - san.dns
+ - certificate.subject
+ - certificate.issuer
 falsepositives:
 - none
 level: high
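Review bot: The renamed selection still carries the serial as an unquoted plain scalar in `certificate.serial: 8bb00ee`; quoting it as `certificate.serial: '8bb00ee'` keeps it a string under every YAML loader and sets the pattern for serials that are all digits or exponent-shaped, which would otherwise be retyped. Zeek, as far as I know, writes x509 serials in uppercase hex, so it is worth confirming that the backends this rule is converted for compare the value case-insensitively; if any do not, the lowercase literal will silently miss. A short comment above the selection, for example `# serial of the certificate shipped in the default Cobalt Strike keystore; a replaced certificate is not matched`, would make the rule's coverage limit explicit next to `falsepositives: none`. The rule header and the start of `logsource` sit outside this hunk, so the note is based only on the lines shown.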