From 9ca52259dd91fe02f997c3240cb250ad448c8a56 Mon Sep 17 00:00:00 2001
From: Thomas Patzke
Date: Fri, 20 Dec 2019 00:11:34 +0100
Subject: [PATCH] Fixed identifier
---
 rules/windows/builtin/win_ad_object_writedac_access.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/rules/windows/builtin/win_ad_object_writedac_access.yml b/rules/windows/builtin/win_ad_object_writedac_access.yml
index a634df4da..fcecea5d0 100644
--- a/rules/windows/builtin/win_ad_object_writedac_access.yml
+++ b/rules/windows/builtin/win_ad_object_writedac_access.yml
@@ -10,7 +10,7 @@ logsource:
 product: windows
 service: security
 detection:
- selection_one:
+ selection:
 EventID: 4662
 ObjectServer: 'DS'
 AccessMask: 0x40000
@@ -20,4 +20,4 @@ detection:
 condition: selection
 falsepositives:
 - Unknown
-level: critical
\ No newline at end of file
+level: critical
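Review bot: In the first hunk, the selection this commit renames still carries `AccessMask: 0x40000` as a plain scalar, which YAML loaders resolve to the integer 262144 rather than the hex string. Whether a converter then emits a value that matches the AccessMask field as event 4662 records it depends on the backend, so I would quote it: `AccessMask: '0x40000'`. Because AccessMask is a bit field, an equality match may also miss events where WRITE_DAC is requested together with other rights; if that gap is accepted, it deserves a line in the rule's description. The selection mapping continues past the end of the hunk, so any further fields are not visible here.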