From 3298d7ec67ae7c58a3f2ea49f8b4a49267e80d82 Mon Sep 17 00:00:00 2001
From: research-bot
Date: Tue, 29 Oct 2024 10:29:10 -0700
Subject: [PATCH] log

---
 .../endpoint/detect_critical_alerts_from_security_tools.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/detections/endpoint/detect_critical_alerts_from_security_tools.yml b/detections/endpoint/detect_critical_alerts_from_security_tools.yml
index f26bc48788..ae08b6281f 100644
--- a/detections/endpoint/detect_critical_alerts_from_security_tools.yml
+++ b/detections/endpoint/detect_critical_alerts_from_security_tools.yml
@@ -70,6 +70,6 @@ tests:
 sourcetype: mscs:azure:eventhub:defender:advancedhunting
 - name: True Positive Test
 attack_data:
- - data: https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/suspicious_behaviour/alerts/defender_incident_alerts.txt
+ - data: https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/suspicious_behaviour/alerts/defender_incident_alerts.log
 source: m365_defender_incident_alerts
 sourcetype: ms365:defender:incident:alerts
\ No newline at end of file