From 1b0f1ad1e46f35b54cbf9989b9e723bb3ead0f91 Mon Sep 17 00:00:00 2001 From: Eric Conrad Date: Thu, 7 Sep 2017 12:01:48 -0400 Subject: [PATCH] Update README.md --- README.md | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 3383c35..7678ed4 100644 --- a/README.md +++ b/README.md @@ -16,7 +16,7 @@ Sample evtx files are in the .\evtx directory - [Usage](#usage) - [Examples](#examples) - [Logging setup](#Logging) -- [VirusTotal/Whitelisting setup](#VirusTotal/Whitelisting setup) +- [VirusTotal/Whitelisting setup](#VirusTotal/Whitelisting) ## Usage: @@ -77,7 +77,9 @@ See 'Logging setup' section below for how to configure these logs - Windows Powershell event IDs 4103 and 4104 - Sysmon event ID 1 -## Logging setup +## Logging + +Setting up logging: ### Security event 4688 (Command line auditing): @@ -106,7 +108,9 @@ Install Sysmon from Sysinternals: https://docs.microsoft.com/en-us/sysinternals/ Log SHA1 hashes. Others are fine; DeepBlueCLI will use SHA1. -## VirusTotal/Whitelisting setup +## VirusTotal/Whitelisting + +Setting up VirusTotal hash submissions and whitelisting: The hash checker requires Post-VirusTotal:
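Review bot: in the first hunk, the new TOC target `#VirusTotal/Whitelisting` still carries a `/` and mixed case, which Markdown renderers typically strip and lowercase when they generate heading anchors, so this link may still not resolve even though it now mirrors the heading text; please test the rendered link and, if it fails, use the generated form (e.g. `#virustotalwhitelisting`, and likewise check the `[Logging setup](#Logging)` entry on the line above).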
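Review bot: in the second hunk, renaming `## Logging setup` to `## Logging` leaves the cross-reference in the unchanged context line `See 'Logging setup' section below for how to configure these logs` pointing at a section name that no longer exists, and the TOC entry text `[Logging setup]` now differs from its heading; update that sentence (and the TOC label) to `Logging` in the same change. The added fragment `Setting up logging:` followed directly by the `### Security event 4688` subheading also reads as a dangling lead-in; either fold it into a full sentence or drop it.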
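Review bot: in the third hunk, the added line `Setting up VirusTotal hash submissions and whitelisting:` is immediately followed by the existing `The hash checker requires Post-VirusTotal:`, giving two consecutive colon-terminated lead-ins; suggest merging them into one sentence. The TOC label `VirusTotal/Whitelisting setup` from the first hunk also no longer matches the renamed heading `## VirusTotal/Whitelisting`, so adjust one or the other for consistency; and if the module referred to in the context line is actually `Posh-VirusTotal`, the spelling `Post-VirusTotal` is worth correcting while this section is being edited.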