Update rules/windows/lateral_movement_credential_access_kerberos_correlation.toml

Co-authored-by: Jonhnathan <[email protected]>

Author: Samirbous

rules/windows/lateral_movement_credential_access_kerberos_correlation.toml

@@ -83,7 +83,7 @@ sequence by source.port, source.ip with maxspan=3s
  [network where host.os.type == "windows" and destination.port == 88 and
   process.executable != null and
   not process.executable : ("?:\\Windows\\system32\\lsass.exe", "\\device\\harddiskvolume*\\windows\\system32\\lsass.exe") and
-  source.ip != "127.0.0.1" and destination.ip !="::1" and destination.ip !="127.0.0.1"]
+  source.ip != "127.0.0.1" and destination.ip != "::1" and destination.ip != "127.0.0.1"]
  [authentication where host.os.type == "windows" and event.code in ("4768", "4769")]
 '''