Skip to content

Commit 17b1fd4

Browse files
pyth0n1cpyth0n1c
authored
Update living_off_the_land_detection.yml attack_data
We did not catch this previously because it is a correlation search, so the links are not checked. I found this manually.
1 parent 13800a7 commit 17b1fd4

File tree

1 file changed

+3
-3
lines changed

1 file changed

+3
-3
lines changed

detections/endpoint/living_off_the_land_detection.yml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
name: Living Off The Land Detection
22
id: 1be30d80-3a39-4df9-9102-64a467b24abc
3-
version: 5
4-
date: '2024-11-13'
3+
version: 6
4+
date: '2025-03-26'
55
author: Michael Haag, Splunk
66
status: production
77
type: Correlation
@@ -70,6 +70,6 @@ tests:
7070
- name: True Positive Test
7171
attack_data:
7272
- data:
73-
https://raw.githubusercontent.com/splunk/attack_data/master/datasets/attack_techniques/T1218/living_off_the_land/lolbinrisk.log
73+
https://media.githubusercontent.com/media/splunk/attack_data/refs/heads/master/datasets/attack_techniques/T1218/living_off_the_land/lolbinrisk.log
7474
source: lotl
7575
sourcetype: stash

0 commit comments

Comments
 (0)