From ea289ac312cbf70bf37cb37428496cbcb79ffd7a Mon Sep 17 00:00:00 2001 From: Paul Masek <30813009+itpropaul@users.noreply.github.com> Date: Wed, 24 Jul 2019 16:36:34 -0400 Subject: [PATCH] typo: fixed "event 4013" to be "event 4103" --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index e3122d6..392f0db 100644 --- a/README.md +++ b/README.md @@ -136,7 +136,7 @@ Enable Windows command-line auditing: https://support.microsoft.com/en-us/kb/300 Requires auditing logon failures: https://technet.microsoft.com/en-us/library/cc976395.aspx ### PowerShell auditing (PowerShell 5.0): -DeepBlueCLI uses module logging (PowerShell event 4013) and script block logging (4104). It does not use transcription. +DeepBlueCLI uses module logging (PowerShell event 4103) and script block logging (4104). It does not use transcription. See: https://www.fireeye.com/blog/threat-research/2016/02/greater_visibilityt.html
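Review bot: The changed line under "### PowerShell auditing (PowerShell 5.0)" is the only place this patch corrects "4013", and the diffstat shows README.md as the sole file touched, so search the rest of the tree (scripts and any other docs) for a leftover "4013" and fix it in the same commit. Anyone who copied the old ID into an event filter would have matched nothing for module logging, so the stale value is worth naming in the commit body as well as the subject. The replacement itself reads correctly beside the 4104 script block logging ID in the same sentence, and the hunk needs no other change.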