From 14df4500d1524ba8ebb27de6c8ee4df6e57f9ee2 Mon Sep 17 00:00:00 2001
From: CERT National Insider Threat Center <68612887+sei-nitc@users.noreply.github.com>
Date: Wed, 3 Nov 2021 12:43:50 -0400
Subject: [PATCH] Update insider-threat-detection-queries.md Fixes Typo
---
 General queries/insider-threat-detection-queries.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/General queries/insider-threat-detection-queries.md b/General queries/insider-threat-detection-queries.md
index 6e21cc97..1958373d 100644
--- a/General queries/insider-threat-detection-queries.md
+++ b/General queries/insider-threat-detection-queries.md
@@ -41,7 +41,7 @@ DeviceLogonEvents
 //
 // Extend stegnames array with know steganography tools
 // We could also use the known hash for steganography tools and use those hashes in this table
-let stegnames = pack_array ("camouflage","crypture", "hidensend", "openpuff","picsel","slienteye","steg","xiao");
+let stegnames = pack_array ("camouflage","crypture", "hidensend", "openpuff","picsel","silenteye","steg","xiao");
 let ProcessQuery = view(){
 DeviceProcessEvents
 | where ProcessCommandLine has_any (stegnames)
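Review bot: The `"steg"` entry on the new `stegnames` line likely matches less than it appears to, because `has_any` in the `where ProcessCommandLine has_any (stegnames)` filter compares whole terms rather than substrings. A command line containing a longer tool name that merely starts with `steg` is not a hit; only a standalone `steg` token is. If prefix coverage is intended, add a separate `hasprefix` condition for that entry (accepting more false positives), or list the full tool names in the array. The comment above the array still reads `with know steganography tools`, which should be `with known steganography tools`. The query continues past the end of the hunk, so later filters may change how much this matters.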