From e6e3fc2eec44a2238ee5dfa7ebb01355f5a31dd8 Mon Sep 17 00:00:00 2001
From: Austin Songer
Date: Mon, 6 Sep 2021 11:16:35 -0500
Subject: [PATCH] Update azure_federation_modified.yml

---
 rules/cloud/azure/azure_federation_modified.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rules/cloud/azure/azure_federation_modified.yml b/rules/cloud/azure/azure_federation_modified.yml
index 37b7f5858..f5b0eee44 100644
--- a/rules/cloud/azure/azure_federation_modified.yml
+++ b/rules/cloud/azure/azure_federation_modified.yml
@@ -7,7 +7,7 @@ date: 2021/09/06
 references:
 - https://attack.mitre.org/techniques/T1078/
 logsource:
- service: azure.activitylogs
+ service: azure.signinlogs
 detection:
 selection:
 properties.message: Set federation settings on domain
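Review bot: The new `service: azure.signinlogs` under `logsource:` looks like the wrong log source for this selection. "Set federation settings on domain" is a directory-management operation, which Azure AD records in its audit log and not in sign-in events. Pointed at sign-in logs, the rule would probably never match, so a change to domain federation trust (the T1078 scenario the rule references) would go undetected. Consider the audit-log source instead, for example `service: azure.auditlogs`, assuming the backend configuration maps that service name. Also confirm against a sample event that `properties.message` is the field carrying the operation name in that source. The rest of the rule lies outside this hunk, so any other field dependencies could not be checked here.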