Merge pull request #3091 from splunk/mark_crowdstrike_manual_test

pyth0n1c · web-flow · commit 9f85603faa6c · 2024-08-13T13:37:51.000-07:00
Marked two detections as manual_test
diff --git a/detections/endpoint/crowdstrike_medium_severity_alert.yml b/detections/endpoint/crowdstrike_medium_severity_alert.yml
@@ -52,6 +52,10 @@ tags:
   - event.SeverityName
   risk_score: 49
   security_domain: endpoint
+  manual_test: This detection is marked manual test because the attack_data file and 
+    TA do not provide the event.EndpointIp and event.EndpointName fields.  event.EndpointName 
+    is required to be present for the Risk Message Validation Integration Testing. 
+    This will be investigated and is a tracked issue.
 tests:
 - name: True Positive Test
   attack_data:
diff --git a/detections/endpoint/crowdstrike_privilege_escalation_for_non_admin_user.yml b/detections/endpoint/crowdstrike_privilege_escalation_for_non_admin_user.yml
@@ -52,6 +52,10 @@ tags:
   - event.SeverityName
   risk_score: 49
   security_domain: endpoint
+  manual_test: This detection is marked manual test because the attack_data file and 
+    TA do not provide the event.EndpointIp and event.EndpointName fields. event.EndpointName 
+    is required to be present for the Risk Message Validation Integration Testing. 
+    This will be investigated and is a tracked issue.
 tests:
 - name: True Positive Test
   attack_data:
