From abc32f3b7a1e80d7eebda3ea7f0b95af18a97fdd Mon Sep 17 00:00:00 2001
From: Matt Burrough
Date: Tue, 29 Jun 2021 13:43:24 -0700
Subject: [PATCH] Update PaloAltoPrismaCloudMultipleFailedLoginsUser.yaml Fix threshold typo
---
 .../PaloAltoPrismaCloudMultipleFailedLoginsUser.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudMultipleFailedLoginsUser.yaml b/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudMultipleFailedLoginsUser.yaml
index 35422be797..e8e0b75567 100644
--- a/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudMultipleFailedLoginsUser.yaml
+++ b/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudMultipleFailedLoginsUser.yaml
@@ -16,17 +16,17 @@ tactics:
 relevantTechniques:
 - T1110
 query: |
- let threashold = 10;
+ let threshold = 10;
 PaloAltoPrismaCloud
 | where ResourceType =~ 'Login'
 | where EventResult =~ 'Failed'
 | where EventMessage !has 'access key'
 | summarize count() by UserName, bin(TimeGenerated, 5m)
- | where count_ > threashold
+ | where count_ > threshold
 | extend AccountCustomEntity = UserName
 entityMappings:
 - entityType: Account
 fieldMappings:
 - identifier: Name
 columnName: AccountCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0