Sysmon service stop, not the generic one

ljstella · ljstella · commit 2af5bb3aab3d · 2025-05-02T12:03:44.000-05:00
diff --git a/detections/endpoint/linux_auditd_sysmon_service_stop.yml b/detections/endpoint/linux_auditd_sysmon_service_stop.yml
@@ -70,6 +70,6 @@ tags:
 tests:
 - name: True Positive Test
   attack_data:
-  - data: https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1489/linux_auditd_service_stop/linux_auditd_service_stop.log
+  - data: https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1489/linux_auditd_sysmon_service_stop/linux_auditd_sysmon_service_stop.log
     source: auditd
     sourcetype: auditd
