Merge pull request #3428 from splunk/fix-bad-attack-data-link

Update living_off_the_land_detection.yml attack_data

Author: pyth0n1c

detections/endpoint/living_off_the_land_detection.yml

@@ -1,7 +1,7 @@
 name: Living Off The Land Detection
 id: 1be30d80-3a39-4df9-9102-64a467b24abc
-version: 5
-date: '2024-11-13'
+version: 6
+date: '2025-03-26'
 author: Michael Haag, Splunk
 status: production
 type: Correlation
@@ -70,6 +70,6 @@ tests:
 - name: True Positive Test
   attack_data:
   - data: 
-      https://raw.githubusercontent.com/splunk/attack_data/master/datasets/attack_techniques/T1218/living_off_the_land/lolbinrisk.log
+      https://media.githubusercontent.com/media/splunk/attack_data/refs/heads/master/datasets/attack_techniques/T1218/living_off_the_land/lolbinrisk.log
     source: lotl
     sourcetype: stash