diff --git a/cdc.md b/cdc.md
index ed4148b..806de88 100644
--- a/cdc.md
+++ b/cdc.md
@@ -10,13 +10,14 @@ actions:
     
 regexes:
   IP: '(([0-9]{1,3}\.){3}[0-9]{1,3})|([0-9a-fA-F:]{2,90})'
+
 streams:
  nextcloud:
-   command: journalctl -fu phpfpm-nextcloud.service
+   cmd: journalctl -fu phpfpm-nextcloud.service
    actions:
      - regex: '"message":"Login failed: .\+ (Remote IP: \(?<IP>[0-9a-fA-F.:]\+\))"'
        # Can also be a list
-       do: iptables -I f2b-nextcloud 1 -s <ip> -j <blocktype>
+       cmd: iptables -I f2b-nextcloud 1 -s <ip> -j <blocktype>
 ```
 
 reactionc: le client