Update rules/windows/credential_access_kerberos_coerce_dns.toml

w0rk3r · Samirbous · web-flow · commit f8d3e310cd12 · 2025-06-17T09:39:39.000-03:00
Co-authored-by: Samirbous &lt;64742097+Samirbous@users.noreply.github.com&gt;
diff --git a/rules/windows/credential_access_kerberos_coerce_dns.toml b/rules/windows/credential_access_kerberos_coerce_dns.toml
@@ -85,7 +85,7 @@ timestamp_override = "event.ingested"
 type = "eql"
 
 query = '''
-network where host.os.name : "windows" and dns.question.name : "*UWhRCA*BAAAA*"
+network where host.os.name : "windows" and dns.question.name : "*UWhRC*BAAAA*"
 '''
 
 
