From 19253acb9f8ebc44eb592551e75666afd61c7e6f Mon Sep 17 00:00:00 2001 From: Iveco Date: Tue, 17 Aug 2021 20:44:30 +0200 Subject: [PATCH] Update C2-NamedPipe.md --- Command and Control/C2-NamedPipe.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Command and Control/C2-NamedPipe.md b/Command and Control/C2-NamedPipe.md index 0b82dc9..beaa81b 100644 --- a/Command and Control/C2-NamedPipe.md +++ b/Command and Control/C2-NamedPipe.md @@ -82,7 +82,7 @@ This query can be used to detect the following attack techniques and tactics ([s **Contributor:** [@xknow_infosec](https://twitter.com/xknow_infosec) -This detection is a summary of knowledge already known. Credits only to original authors. Defender for Endpoint lately just added a new ActionType for SMB named pipes (NamedPipeEvent), which would allow equal usecase now based on the same telemetry (for example Sysmon EventID 17/18). +This detection is a summary of knowledge already known. Credits only to original authors. Defender for Endpoint lately just added a new ActionType for SMB named pipes (NamedPipeEvent), which would allow new equal usecases now based on the same telemetry (for example replicating all Sysmon EventID 17/18 detections). Original Authors / Credits / Ressources: * https://github.com/SigmaHQ/sigma/blob/master/rules/windows/pipe_created/sysmon_psexec_pipes_artifacts.yml
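Review bot: In the added line of the hunk at line 82, "replicating all Sysmon EventID 17/18 detections" claims more than the sentence supports, and "new equal usecases now based on the same telemetry" is still hard to parse. The parenthetical originally offered Sysmon 17/18 only as an example of the telemetry; the new wording turns it into a promise that every such detection carries over to NamedPipeEvent. Consider dropping "all" and rewording along the lines of "which allows equivalent use cases to those built on Sysmon EventID 17/18 (pipe created / pipe connected) telemetry". If full parity is intended, say which NamedPipeEvent fields map to the Sysmon ones. While this line is being touched, "lately just added" could become "recently added". "Ressources" in the trailing context line is a typo worth fixing in the same commit. The subject "Update C2-NamedPipe.md" would be more useful if it named the wording change.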