Skip to content

Commit

Permalink
Merge pull request #3091 from splunk/mark_crowdstrike_manual_test
Browse files Browse the repository at this point in the history 
Marked two detections as manual_test
  • Loading branch information
@pyth0n1c
pyth0n1c committed Aug 13, 2024
2 parents 1e3aa45 + b41c8c2 commit 9f85603
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 0 deletions.
4 changes: 4 additions & 0 deletions detections/endpoint/crowdstrike_medium_severity_alert.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -52,6 +52,10 @@ tags:
- event.SeverityName
risk_score: 49
security_domain: endpoint
manual_test: This detection is marked manual test because the attack_data file and
TA do not provide the event.EndpointIp and event.EndpointName fields. event.EndpointName
is required to be present for the Risk Message Validation Integration Testing.
This will be investigated and is a tracked issue.
tests:
- name: True Positive Test
attack_data:
Expand Down
4 changes: 4 additions & 0 deletions detections/endpoint/crowdstrike_privilege_escalation_for_non_admin_user.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -52,6 +52,10 @@ tags:
- event.SeverityName
risk_score: 49
security_domain: endpoint
manual_test: This detection is marked manual test because the attack_data file and
TA do not provide the event.EndpointIp and event.EndpointName fields. event.EndpointName
is required to be present for the Risk Message Validation Integration Testing.
This will be investigated and is a tracked issue.
tests:
- name: True Positive Test
attack_data:
Expand Down

0 comments on commit 9f85603

Please sign in to comment.