From d658fec539a7f079e2c88d2668f51ff93131cff4 Mon Sep 17 00:00:00 2001
From: bpatel <bpatel@splunk.com>
Date: Mon, 29 Mar 2021 09:42:44 -0700
Subject: [PATCH] fix from drew's PR

---
 detections/endpoint/create_service_in_suspicious_file_path.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/detections/endpoint/create_service_in_suspicious_file_path.yml b/detections/endpoint/create_service_in_suspicious_file_path.yml
index 2dc01b2685..8da97e16a6 100644
--- a/detections/endpoint/create_service_in_suspicious_file_path.yml
+++ b/detections/endpoint/create_service_in_suspicious_file_path.yml
@@ -29,7 +29,8 @@ tags:
   kill_chain_phases:
   - Privilege Escalation
   mitre_attack_id:
-  - T1569.001, T1569.002
+  - T1569.001
+  - T1569.002
   product:
   - Splunk Enterprise
   - Splunk Enterprise Security