From 12c822511ed2571fc7b1087cd3a4314bd76bb054 Mon Sep 17 00:00:00 2001
From: Remco Hofman
Date: Thu, 3 Jun 2021 21:33:11 +0200
Subject: [PATCH] Consistency: Service File Name to ServiceFileName

---
 rules/windows/builtin/win_cobaltstrike_service_installs.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/rules/windows/builtin/win_cobaltstrike_service_installs.yml b/rules/windows/builtin/win_cobaltstrike_service_installs.yml
index b64055444..9834aee86 100644
--- a/rules/windows/builtin/win_cobaltstrike_service_installs.yml
+++ b/rules/windows/builtin/win_cobaltstrike_service_installs.yml
@@ -5,7 +5,7 @@ author: Florian Roth, Wojciech Lesicki
 references:
 - https://www.sans.org/webcasts/119395
 date: 2021/05/26
-modified: 2021/06/01
+modified: 2021/06/03
 tags:
 - attack.execution
 - attack.privilege_escalation
@@ -20,11 +20,11 @@ detection:
 selection1:
 EventID: 7045
 selection2:
- Service File Name|contains|all:
+ ServiceFileName|contains|all:
 - 'ADMIN$'
 - '.exe'
 selection3:
- Service File Name|contains|all:
+ ServiceFileName|contains|all:
 - '%COMSPEC%'
 - 'start'
 - 'powershell'
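Review bot: `ServiceFileName` in selection2 and selection3 follows the "Service File Name" label of the rendered 7045 message, whereas the event's EventData element for that value is named `ImagePath`. On a backend that queries raw field names and has no mapping for `ServiceFileName`, both selections would match nothing and the rule would fail silently. Consider `ImagePath|contains|all:` in both places, or confirm that every supported backend config maps `ServiceFileName`. The detection block's condition and the logsource sit outside this hunk, so whether selection1 is also pinned to the Service Control Manager provider cannot be checked here.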