From faad0209dec4d91c74d3f51f26a09f87900a9032 Mon Sep 17 00:00:00 2001
From: "nasreddine.bencherchali@nextron-systems.com" <8741929+nasbench@users.noreply.github.com>
Date: Wed, 12 Oct 2022 11:24:28 +0200
Subject: [PATCH] Rename Plink Port Forward Rule
---
 ...ward.yml => proc_creation_win_susp_plink_port_forward.yml} | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename rules/windows/process_creation/{proc_creation_win_susp_plink_remote_forward.yml => proc_creation_win_susp_plink_port_forward.yml} (86%)
diff --git a/rules/windows/process_creation/proc_creation_win_susp_plink_remote_forward.yml b/rules/windows/process_creation/proc_creation_win_susp_plink_port_forward.yml
similarity index 86%
rename from rules/windows/process_creation/proc_creation_win_susp_plink_remote_forward.yml
rename to rules/windows/process_creation/proc_creation_win_susp_plink_port_forward.yml
index a33d595fc..6c95412af 100644
--- a/rules/windows/process_creation/proc_creation_win_susp_plink_remote_forward.yml
+++ b/rules/windows/process_creation/proc_creation_win_susp_plink_port_forward.yml
@@ -1,7 +1,7 @@
-title: Suspicious Plink Remote Forwarding
+title: Suspicious Plink Port Forwarding
 id: 48a61b29-389f-4032-b317-b30de6b95314
 status: test
-description: Detects suspicious Plink tunnel remote forarding to a local port
+description: Detects suspicious Plink tunnel port forwarding to a local port
 references:
 - https://www.real-sec.com/2019/04/bypassing-network-restrictions-through-rdp-tunneling/
 - https://medium.com/@informationsecurity/remote-ssh-tunneling-with-plink-exe-7831072b3d7d