Fixed naming of fields

splunk · Aug 13, 2024 · b41c8c2 · b41c8c2
1 parent 1ccdc3c
commit b41c8c2
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 4 deletions.
diff --git a/detections/endpoint/crowdstrike_medium_severity_alert.yml b/detections/endpoint/crowdstrike_medium_severity_alert.yml
@@ -53,8 +53,8 @@ tags:
   risk_score: 49
   security_domain: endpoint
   manual_test: This detection is marked manual test because the attack_data file and 
-    TA do not provide the src_host and src_ip fields.  src_host is required to be 
-    present for the Risk Message Validation Integration Testing. 
+    TA do not provide the event.EndpointIp and event.EndpointName fields.  event.EndpointName 
+    is required to be present for the Risk Message Validation Integration Testing. 
     This will be investigated and is a tracked issue.
 tests:
 - name: True Positive Test

diff --git a/detections/endpoint/crowdstrike_privilege_escalation_for_non_admin_user.yml b/detections/endpoint/crowdstrike_privilege_escalation_for_non_admin_user.yml
@@ -53,8 +53,8 @@ tags:
   risk_score: 49
   security_domain: endpoint
   manual_test: This detection is marked manual test because the attack_data file and 
-    TA do not provide the src_host and src_ip fields.  src_host is required to be 
-    present for the Risk Message Validation Integration Testing. 
+    TA do not provide the event.EndpointIp and event.EndpointName fields. event.EndpointName 
+    is required to be present for the Risk Message Validation Integration Testing. 
     This will be investigated and is a tracked issue.
 tests:
 - name: True Positive Test