From 1fac018f1029b807272ea9a9fc0071db25cfa63a Mon Sep 17 00:00:00 2001
From: Erkin Djindjiev
Date: Wed, 1 Jul 2020 11:52:04 -0400
Subject: [PATCH] Update MySQL port to 3306 not 3336 (#2)

---
 ..._and_control_sql_server_port_activity_to_the_internet.toml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/rules/network/command_and_control_sql_server_port_activity_to_the_internet.toml b/rules/network/command_and_control_sql_server_port_activity_to_the_internet.toml
index 77f719be4..e40c2b4a2 100644
--- a/rules/network/command_and_control_sql_server_port_activity_to_the_internet.toml
+++ b/rules/network/command_and_control_sql_server_port_activity_to_the_internet.toml
@@ -2,7 +2,7 @@
 creation_date = "2020/02/18"
 ecs_version = ["1.4.0"]
 maturity = "production"
-updated_date = "2020/03/09"
+updated_date = "2020/07/01"
 
 [rule]
 author = ["Elastic"]
@@ -30,7 +30,7 @@ tags = ["Elastic", "Network"]
 type = "query"
 
 query = '''
-network.transport:tcp and destination.port:(1433 or 1521 or 3336 or 5432) and
+network.transport:tcp and destination.port:(1433 or 1521 or 3306 or 5432) and
 source.ip:(10.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16) and
 not destination.ip:(10.0.0.0/8 or 127.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16 or "::1")
 '''
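Review bot: The corrected list `destination.port:(1433 or 1521 or 3306 or 5432)` still gives no hint of which service each number stands for, which is exactly the kind of bare-constant list that let 3336 pass review in the first place; a comment placed above `query = '''`, `# 1433 = MSSQL, 1521 = Oracle, 3306 = MySQL, 5432 = PostgreSQL`, would make the next such slip visible (it has to sit outside the `'''` literal, since a `#` inside the string becomes query text rather than a TOML comment). The match is purely on default ports, so a database listening on a non-default port is missed and any unrelated service on these ports toward a non-RFC1918 address fires; the exclusion list also has no entry for 100.64.0.0/10 or IPv6 private space (fc00::/7), so if the environment routes to those ranges they would be counted as "internet" destinations. The `[rule]` table this query belongs to begins before the hunk.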