Update yml files to fix validation issues (adding source)

jwindley · jwindley · commit bb01a0e26bcf · 2025-12-16T11:00:14.000Z
diff --git a/datasets/attack_techniques/T1553.001/atomic_red_team/macos_gatekeeper_bypass_xattr/macos_gatekeeper_bypass_xattr.yml b/datasets/attack_techniques/T1553.001/atomic_red_team/macos_gatekeeper_bypass_xattr/macos_gatekeeper_bypass_xattr.yml
@@ -6,4 +6,5 @@ environment: vm
 datasets:
 - name: macos_gatekeeper_bypass_xattr.log
   path: https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1553.001/atomic_red_team/macos_gatekeeper_bypass_xattr/
-  sourcetype: 'osquery:results'
+  sourcetype: 'osquery:results'
+  source: '/var/log/osquery/osqueryd.results.log'
diff --git a/datasets/attack_techniques/T1553.001/macos_gatekeeper_bypass_LSFileQuarantineEnabled/macos_gatekeeper_bypass_LSFileQuarantineEnabled.yml b/datasets/attack_techniques/T1553.001/macos_gatekeeper_bypass_LSFileQuarantineEnabled/macos_gatekeeper_bypass_LSFileQuarantineEnabled.yml
@@ -6,4 +6,5 @@ environment: vm
 datasets:
 - name: macos_gatekeeper_bypass_LSFileQuarantineEnabled.log
   path: https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1553.001/macos_gatekeeper_bypass_LSFileQuarantineEnabled/
-  sourcetypes: 'osquery:results'
+  sourcetypes: 'osquery:results'
+  source: '/var/log/osquery/osqueryd.results.log'
