updated test file

splunk · Mar 29, 2021 · ae86d61 · ae86d61
1 parent eb5e776
commit ae86d61
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/tests/endpoint/ssa___first_time_seen_cmd_line.test.yml b/tests/endpoint/ssa___first_time_seen_cmd_line.test.yml
@@ -5,5 +5,6 @@ tests:
     pass_condition: '@count_eq(6)'
     description: Test detection of first time seen command
     attack_data:
-      - file_name: first_time_seen_commandline.json
-        data: https://ssa-test-dataset.s3-us-west-2.amazonaws.com/first_time_seen_commandline.json
+      - file_name: windows-security.log
+        data: https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1059.003/cmd_arguments/windows-security.log
+        source: WinEventLog:Security