From 1bf60551ff030baa3a1753255a222b2265839eda Mon Sep 17 00:00:00 2001
From: Justin Ibarra
Date: Fri, 17 Jul 2020 15:52:04 -0500
Subject: [PATCH] Update lateral_movement_dns_server_overflow.toml
---
 rules/windows/lateral_movement_dns_server_overflow.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rules/windows/lateral_movement_dns_server_overflow.toml b/rules/windows/lateral_movement_dns_server_overflow.toml
index 87e6e186a..6762ff8d3 100644
--- a/rules/windows/lateral_movement_dns_server_overflow.toml
+++ b/rules/windows/lateral_movement_dns_server_overflow.toml
@@ -20,7 +20,7 @@ false_positives = [
 index = ["packetbeat-*", "filebeat-*"]
 language = "kuery"
 license = "Elastic License"
-name = "Abnormally Large DNS Request"
+name = "Abnormally Large DNS Response"
 note = """### Investigating Large DNS Responses
 Detection alerts from this rule indicate an attempt was made to exploit CVE-2020-1350 (SigRed) through the use of large DNS responses on a Windows DNS server. Here are some possible avenues of investigation:
 - Investigate any corresponding Intrusion Detection Signatures (IDS) alerts that can validate this detection alert.