query fixes

2021-03-05 18:45:46 -08:00 · 2021-03-05 18:45:46 -08:00 · 939eb458fc
--- a/Detections/MultipleDataSources/ExchangeServerVulnerabilitiesMarch2021IoCs.yaml
+++ b/Detections/MultipleDataSources/ExchangeServerVulnerabilitiesMarch2021IoCs.yaml
@ -31,7 +31,7 @@ requiredDataConnectors:
  - connectorId: SecurityEvents
    dataTypes:
      - SecurityEvents
-  - connectorId: WindowsFireWall
+  - connectorId: WindowsFirewall
    dataTypes:
      - WindowsFirewall
 queryFrequency: 1h
@ -74,7 +74,7 @@ query: |
  | extend Hashes = EventDetail.[16].["#text"]
  | where isnotempty(Hashes)
  | parse Hashes with * 'SHA256=' SHA256 ',' * 
-  | where SHA256 in~ (SHA256Hash) 
+  | where SHA256 in~ (sha256s) 
  | extend Type = strcat(Type, ": ", Source), Account = UserName, FileHash = Hashes
  | extend timestamp = TimeGenerated, AccountCustomEntity = Account, HostCustomEntity = Computer
  ),