updates to manual

MHaggis · web-flow · commit 9b0a748b3d2f · 2025-08-29T12:28:59.000-06:00
diff --git a/detections/endpoint/windows_sql_server_critical_procedures_enabled.yml b/detections/endpoint/windows_sql_server_critical_procedures_enabled.yml
@@ -71,6 +71,7 @@ tags:
   - Splunk Enterprise Security
   - Splunk Cloud
   security_domain: endpoint
+    manual_test: The risk message is dynamically generated in the SPL and it needs to be manually tested for integration testing. 
 tests:
 - name: True Positive Test
   attack_data:
diff --git a/detections/endpoint/windows_sql_server_xp_cmdshell_config_change.yml b/detections/endpoint/windows_sql_server_xp_cmdshell_config_change.yml
@@ -73,6 +73,7 @@ tags:
     - Splunk Enterprise Security
     - Splunk Cloud
     security_domain: endpoint
+      manual_test: The risk message is dynamically generated in the SPL and it needs to be manually tested for integration testing. 
 tests:
   - name: True Positive Test
     attack_data:
