fix rba message (#3934)

patel-bhavin · web-flow · commit 721701945747 · 2026-03-03T21:40:57.000+01:00
diff --git a/detections/endpoint/windows_dll_side_loading_in_calc.yml b/detections/endpoint/windows_dll_side_loading_in_calc.yml
@@ -42,7 +42,7 @@ drilldown_searches:
       earliest_offset: $info_min_time$
       latest_offset: $info_max_time$
 rba:
-    message: The [ $image$ ] process loaded the [ $ImageLoaded$ ] DLL from a non-standard location on [ $dest$ ]
+    message: The [ $Image$ ] process loaded the [ $ImageLoaded$ ] DLL from a non-standard location on [ $dest$ ]
     risk_objects:
         - field: dest
           type: system
