From 5a28b910c43ef6e948166be28c97de0da8bfb955 Mon Sep 17 00:00:00 2001 From: Carlos Perez Date: Fri, 10 Jul 2020 14:41:35 -0400 Subject: [PATCH] Update Sysmon.md --- Sysmon.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Sysmon.md b/Sysmon.md index a1d5692..dcd6d89 100644 --- a/Sysmon.md +++ b/Sysmon.md @@ -1643,7 +1643,7 @@ a VDI environment ## Registry Actions -Sysmon has the capability to monitor for three major actions against Registry +Sysmon has the capability to monitor for three major actions against the Registry * **EventID 12** - Registry object added or deleted @@ -1719,7 +1719,7 @@ In registry events, the value name is appended to the full key path with a \"\\\ Default key values are named \"\\(Default)\" -When filtering for keys or values in HKCU, use **contains** or **end with** when filtering against **TargetObject** since the SID of the user is appended after the Hive name. +When filtering for keys or values in HKCU, use **contains** or **ends with** when filtering against **TargetObject** since the SID of the user is appended after the Hive name. ![HKCU Test](./media/image51.png)
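Review bot: In the hunk at `@@ -1643,7 +1643,7 @@`, the added line capitalises "the Registry" while the unchanged context in the next hunk writes "In registry events" in lower case, so pick one form and use it throughout. The sentence also leads into the EventID bullet list with no closing punctuation, so end it with a colon. While touching the line, "has the capability to monitor for" could be shortened to "can monitor".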
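Review bot: In the hunk at `@@ -1719,7 +1719,7 @@`, the bolded terms in "use **contains** or **ends with**" read as the literal filter condition names, and Sysmon spells that condition `end with`, so the new wording no longer matches what a reader has to type in a rule. Keep the operator as `**end with**` and fix the grammar around it instead, for example "use the **contains** or **end with** condition when filtering against **TargetObject**". The same line capitalises "Hive" while the context above uses lower-case "registry", which is worth making consistent.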