From 53412a13ce0da00a05802d4341261a25a58a3eb1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89milio=20Gonzalez?= Date: Mon, 18 Dec 2023 17:12:41 -0500 Subject: [PATCH 1/2] Fix invalid rule in appendix_meta_rules.md The example correlation had an invalid `detection` block. --- appendix_meta_rules.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/appendix_meta_rules.md b/appendix_meta_rules.md index b3b4225..667b19d 100644 --- a/appendix_meta_rules.md +++ b/appendix_meta_rules.md @@ -676,4 +676,5 @@ detection: EventID: - 528 - 4624 -``` \ No newline at end of file + condition: selection +``` From 24974e7af35811529ee05cbaa8e8b610bcb6b9eb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89milio=20Gonzalez?= Date: Mon, 18 Dec 2023 17:28:04 -0500 Subject: [PATCH 2/2] Update appendix_meta_rules.md --- appendix_meta_rules.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/appendix_meta_rules.md b/appendix_meta_rules.md index 667b19d..ab9c9b4 100644 --- a/appendix_meta_rules.md +++ b/appendix_meta_rules.md @@ -346,7 +346,7 @@ Simple example : More than or equal 100 failed login attempts to a destination h title: Many failed logins id: 0e95725d-7320-415d-80f7-004da920fc11 correlation: -type: event_count + type: event_count rules: - 5638f7c0-ac70-491d-8465-2a65075e0d86 group-by:
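Review bot: In patch 1/2 (hunk at `@@ -676,4 +676,5`), the added `condition: selection` has to sit at the same depth as the selection key directly under `detection:`, not under `EventID:`, or it becomes part of the selection map instead of the rule condition. Please also confirm that the identifier defined just above the visible context is actually named `selection`, since the condition only resolves if the names match. The commit message says the example correlation had the invalid block, while the changed lines are a `detection:` section with an `EventID` list; if this is the base rule the correlation refers to, saying so in the message would make the history easier to follow.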
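Review bot: In patch 2/2 (hunk at `@@ -346,7 +346,7`), only `type: event_count` is re-indented under `correlation:`; the context lines `rules:` and `group-by:` that follow must be at that same depth for the example to parse as one mapping, so it is worth running the finished example through a YAML parser before merging. The subject "Update appendix_meta_rules.md" does not say what changed; something like "Fix indentation of type in correlation example" would be easier to find later.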