Update credential_access_machine_account_smb_relay.toml

Author: Samirbous

rules/windows/credential_access_machine_account_smb_relay.toml

@@ -20,7 +20,7 @@ note = """## Triage and analysis
 ### Investigating Potential Machine Account Relay Attack via SMB
 
 ### Possible investigation steps
-- Compare the source.ip to the target server host.ip to make sure it's indeed a remote use of the machine account.
+- Compare the source.ip to the target server host.ip addresses to make sure it's indeed a remote use of the machine account.
 - Examine the source.ip activities as this is the attacker IP address used to relay.
 - Review all relevant activities such as services creation, file and process events on the target server within the same period.
 - Verify the machine account names that end with a dollar sign ($) to ensure they match the expected hostnames, and investigate any discrepancies.