From d510e1aad45908a0b73c66fce6d349d09cace3b4 Mon Sep 17 00:00:00 2001
From: zaphod <18658828+zaphodef@users.noreply.github.com>
Date: Mon, 11 May 2020 18:31:59 +0200
Subject: [PATCH] Fix 'source' value for win_susp_backup_delete
---
 rules/windows/builtin/win_susp_backup_delete.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rules/windows/builtin/win_susp_backup_delete.yml b/rules/windows/builtin/win_susp_backup_delete.yml
index 7741c3eb5..32dfb5d00 100644
--- a/rules/windows/builtin/win_susp_backup_delete.yml
+++ b/rules/windows/builtin/win_susp_backup_delete.yml
@@ -16,7 +16,7 @@ logsource:
 detection:
 selection:
 EventID: 524
- Source: Backup
+ Source: Microsoft-Windows-Backup
 condition: selection
 falsepositives:
 - Unknown
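Review bot: The new `Source: Microsoft-Windows-Backup` value is an exact match and the only condition narrowing EventID 524 in this selection, so the rule fires only where the log pipeline fills `Source` with the full provider name. Whether every supported backend maps `Source` that way cannot be seen from this hunk, because the `logsource` block starts above it. It is worth validating the rule against a recorded 524 event in each target pipeline, since a mismatch fails silently as a missed detection. I would also add a comment so the value is not shortened again, e.g. `Source: Microsoft-Windows-Backup  # full provider name from the event record, not a shortened display name`.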