Update rules/cross-platform/execution_aws_ec2_lolbin_via_ssm.toml

Co-authored-by: Mika Ayenson, PhD <[email protected]>

Author: terrancedejesus

rules/cross-platform/execution_aws_ec2_lolbin_via_ssm.toml

@@ -206,7 +206,7 @@ FROM logs-aws.cloudtrail*, logs-endpoint.events.process-* METADATA _id, _version
     Esql.process_parent_command_line_lolbin_values =
       VALUES(CASE(Esql.is_lolbin_process, process.parent.command_line, null)),
       
-      Esql.data_steam_namespace_values = VALUES(data_stream.namespace)
+      Esql.data_stream_namespace_values = VALUES(data_stream.namespace)
   BY Esql.aws_ssm_command_id
 
 // Detection condition: SSM SendCommand + AWS-RunShellScript + LOLBin on endpoint