Removed Observables section from last two stragglers

ljstella · ljstella · commit a10fa00d0bfe · 2025-01-22T13:26:14.000-06:00
diff --git a/detections/endpoint/windows_bitlockertogo_process_execution.yml b/detections/endpoint/windows_bitlockertogo_process_execution.yml
@@ -42,15 +42,6 @@ tags:
   asset_type: Endpoint
   mitre_attack_id:
   - T1218
-  observable:
-  - name: dest
-    type: Endpoint
-    role:
-    - Victim
-  - name: user
-    type: User
-    role:
-    - Victim
   product:
   - Splunk Enterprise
   - Splunk Enterprise Security
diff --git a/detections/endpoint/windows_bitlockertogo_with_network_activity.yml b/detections/endpoint/windows_bitlockertogo_with_network_activity.yml
@@ -38,11 +38,6 @@ tags:
   asset_type: Endpoint
   mitre_attack_id:
   - T1218
-  observable:
-  - name: dest
-    type: Endpoint
-    role:
-    - Victim
   product:
   - Splunk Enterprise
   - Splunk Enterprise Security
