Update detect_certipy_file_modifications.yml
Update for split sourcetype changes
nterl0k authored Jul 28, 2023
1 parent 0d8c37b commit 2459c35
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion detections/endpoint/detect_certipy_file_modifications.yml
Expand Up @@ -79,7 +79,7 @@ tags:
tests:
- name: True Positive Test
attack_data:
- data: https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1649/certify_abuse/certify_esc1_abuse.log
- data: https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1649/certify_abuse/certify_esc1_abuse_sysmon.log
source: XmlWinEventLog:Security
sourcetype: XmlWinEventLog
update_timestamp: true
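
Review bot: `source: XmlWinEventLog:Security` under `attack_data` is left unchanged while the `data` URL now points at `certify_esc1_abuse_sysmon.log`. If that file holds Sysmon events, as its name suggests, the test will replay them under the Security source and the detection search may not match them; consider changing the line to `source: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational`, or confirm that the split file really carries Security-channel events. The commit message could also state which split dataset this test is meant to pair with, so the file and source can be checked against each other.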
