fix: SigmaHQ#4572

Author: nasbench

rules/windows/builtin/security/win_security_service_install_remote_access_software.yml

@@ -9,7 +9,7 @@ references:
     - https://redcanary.com/blog/misbehaving-rats/
 author: Connor Martin, Nasreddine Bencherchali (Nextron Systems)
 date: 2022/12/23
-modified: 2023/06/22
+modified: 2023/11/15
 tags:
     - attack.persistence
     - attack.t1543.003
@@ -21,7 +21,7 @@ logsource:
 detection:
     selection:
         EventID: 4697
-        ServiceFileName|contains:
+        ServiceName|contains:
             # Based on https://github.com/SigmaHQ/sigma/pull/2841
             - 'AmmyyAdmin' # https://www.ammyy.com/en/
             - 'Atera'