Fix typo in event.action for AUDIT_ANOM_LINK (#66)

This fixes a typo in used-suspcious-link to used-suspicious-link. Closes #51
elastic · Jun 18, 2020 · d94d465 · d94d465
1 parent 9bd3927
commit d94d465
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -16,6 +16,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 - Added semantic versioning support via go modules. #61
 - Added ECS categorization support for events by record type and syscall. #62
 - Fixed a typo in the action value associated with ROLE_REMOVE messages. #65
+- Fixed a typo in the action value associated with ANOM_LINK messages. #66
 
 ### Removed
 

diff --git a/aucoalesce/normalizations.yaml b/aucoalesce/normalizations.yaml
@@ -1466,7 +1466,7 @@ normalizations:
       type: start
   # AUDIT_ANOM_LINK - Suspicious use of file links
   - record_types: ANOM_LINK
-    action: used-suspcious-link
+    action: used-suspicious-link
   # AUDIT_ANOM_LOGIN_FAILURES - Failed login limit reached
   - <<: *macro-user-session
     record_types: ANOM_LOGIN_FAILURES