From 62d305b6cd0f8ab67b23509752144cd836c567d6 Mon Sep 17 00:00:00 2001
From: aprakash13 <37783395+aprakash13@users.noreply.github.com>
Date: Thu, 17 Sep 2020 11:30:07 -0700
Subject: [PATCH] Update PulseConnectSecureVPN-PasswordSpray.yaml

Updating the name and description of the query.
---
 .../PulseConnectSecureVPN-PasswordSpray.yaml | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/Detections/PulseConnectSecure/PulseConnectSecureVPN-PasswordSpray.yaml b/Detections/PulseConnectSecure/PulseConnectSecureVPN-PasswordSpray.yaml
index a3184464ff..bb99315968 100644
--- a/Detections/PulseConnectSecure/PulseConnectSecureVPN-PasswordSpray.yaml
+++ b/Detections/PulseConnectSecure/PulseConnectSecureVPN-PasswordSpray.yaml
@@ -1,8 +1,7 @@
 id: 1fa1528e-f746-4794-8a41-14827f4cb798
-name: PulseConnectSecure - Potential Password Spray Attempts
+name: PulseConnectSecure - Large Number of Distinct Failed User Logins
 description: |
- 'This query identifies evidence of potential password spray activity against the Pulse Secure VPN server,
- by looking for failures from multiple accounts, originating from the same host within a time window'
+ 'This query identifies evidence of failed login attempts from a large number of distinct users on a Pulse Connect Secure VPN server'
 severity: Medium
 requiredDataConnectors:
 - connectorId: PulseConnectSecure
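Review bot: The new `description` text drops the two scoping details the old one gave an analyst at triage, that the failures are counted per originating host and within a time window, and it no longer says what the pattern may indicate. The query, its threshold and the tactic mapping sit below the hunk and are not visible here, so this is hedged: if the query still groups by source address, keep that in the text, for example `'This query identifies failed logins for a large number of distinct users from the same source within the query window on a Pulse Connect Secure VPN server, which can indicate password spraying'`. If the per-host grouping was removed from the query on purpose, the commit message should say so, since the `id` is unchanged and the rename otherwise reads as a pure wording change.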