From a1b0dfc0cdc029f30829d3c674ff005e7aa046ef Mon Sep 17 00:00:00 2001
From: frack113
Date: Tue, 11 May 2021 10:49:10 +0200
Subject: [PATCH] Correct cast-sensitive Key "DestinationIp"
---
 .../windows/network_connection/sysmon_rdp_reverse_tunnel.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/rules/windows/network_connection/sysmon_rdp_reverse_tunnel.yml b/rules/windows/network_connection/sysmon_rdp_reverse_tunnel.yml
index ad50510af..b42525448 100755
--- a/rules/windows/network_connection/sysmon_rdp_reverse_tunnel.yml
+++ b/rules/windows/network_connection/sysmon_rdp_reverse_tunnel.yml
@@ -6,7 +6,7 @@ references:
 - https://twitter.com/SBousseaden/status/1096148422984384514
 author: Samir Bousseaden
 date: 2019/02/16
-modified: 2020/08/24
+modified: 2021/05/11
 tags:
 - attack.command_and_control
 - attack.t1572
@@ -25,7 +25,7 @@ detection:
 selection2:
 - DestinationIp|startswith:
 - '127.'
- DestinationIP:
+ - DestinationIp:
 - '::1'
 condition: selection and selection2
 falsepositives:
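Review bot: The exact match on `'::1'` under the corrected `DestinationIp` key in `selection2` only fires if the log source writes the IPv6 loopback address in compressed form. If the Sysmon events in a given pipeline render it uncompressed, this branch stays as silent as the misspelled key did. Confirm against a sample network-connection event and, if needed, add `- '0:0:0:0:0:0:0:1'` to the same list. Because a wrong field name or value format fails without any error, a short comment such as `# field names are case-sensitive on some backends; keep Sysmon's exact spelling` above `selection2` would help the next editor. The `selection` block and the rest of `detection` lie outside this hunk, so this covers only the loopback half of the condition.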