From c8be6e649b4533b93b52667f4dc14ff7741bb424 Mon Sep 17 00:00:00 2001
From: Tareq AlKhatib
Date: Mon, 4 Mar 2019 16:44:30 +0300
Subject: [PATCH] Fixing failed CI build
---
 rules/apt/apt_apt29_tor.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/rules/apt/apt_apt29_tor.yml b/rules/apt/apt_apt29_tor.yml
index b4a4283c0..936a1aab5 100755
--- a/rules/apt/apt_apt29_tor.yml
+++ b/rules/apt/apt_apt29_tor.yml
@@ -10,16 +10,16 @@ tags:
 - attack.t1172
 detection:
 timeframe: 5m
- condition: service | near process
+ condition: service_install | near process
 falsepositives:
 - Unknown
 level: high
 ---
 logsource:
- service: system
 product: windows
+ service: system
 detection:
- service:
+ service_install:
 EventID: 7045
 ServiceName: 'Google Update'
 ---
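Review bot: The renamed `condition: service_install | near process` still relies on the `near` aggregation, and nothing in the rule says what happens on a converter that does not implement it. As far as I know only a few Sigma backends support `near`, so on the others this rule may yield no query and the 7045 service-install detection would be silently absent. I would add a comment above the condition such as `# 'near' requires backend support for temporal correlation; confirm the target converter emits a query for this rule`. The `process` selection that the condition also references is defined outside this hunk, so check that no later document still uses the old `service` name.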