adding datasets

josehelps · josehelps · commit d83efc4dd1a7 · 2025-02-13T16:58:01.000-05:00
diff --git a/detections/network/detect_dns_query_to_decommissioned_s3_bucket.yml b/detections/network/detect_dns_query_to_decommissioned_s3_bucket.yml
@@ -50,6 +50,6 @@ tags:
 tests:
 - name: True Positive Test
   attack_data:
-  - data: https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1485/dns_decommissioned_bucket/dns.log
-    source: dns
-    sourcetype: dns 
+  - data: https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1485/s3_bucket_deletion/s3_bucket_deletion.csv
+    source: s3*
+    sourcetype: aws:cloudtrail 
diff --git a/detections/web/detect_web_access_to_decommissioned_s3_bucket.yml b/detections/web/detect_web_access_to_decommissioned_s3_bucket.yml
@@ -54,6 +54,6 @@ tags:
 tests:
 - name: True Positive Test
   attack_data:
-  - data: https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1485/web_decommissioned_bucket/proxy.log
-    source: proxy
-    sourcetype: web_proxy 
+  - data: https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1485/s3_bucket_deletion/s3_bucket_deletion.csv
+    source: s3*
+    sourcetype: aws:cloudtrail
