From 865b58dd3e1b417601c89c8ed08c559582e03e8f Mon Sep 17 00:00:00 2001
From: Matthew Iverson
Date: Wed, 4 Dec 2024 17:17:42 -0500
Subject: [PATCH] Update splunk_alert.md
---
 splunk_alert.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/splunk_alert.md b/splunk_alert.md
index d434a23..a15f4e2 100644
--- a/splunk_alert.md
+++ b/splunk_alert.md
@@ -1,5 +1,5 @@
 ```
-`indextime` `sysmon` RuleName="technique_id=T1027,technique_name=Obfuscated Files or Information"
+`indextime` `sysmon`
 | eval hash_sha256= lower(hash_sha256),
 hunting_trigger="",
 mitre_category="Defense_Evasion",
@@ -10,8 +10,8 @@ mitre_subtechnique_id="",
 apt="",
 mitre_link="https://attack.mitre.org/techniques/T1027/",
 creator="Cpl Iverson",
-upload_date="2024/12/03",
-last_modify_date="2024/12/03",
+upload_date="FIRSTDATE",
+last_modify_date="CURRENTDATE",
 mitre_version="v16",
 priority=""
 | `process_create_whitelist`
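Review bot: Dropping the `RuleName="technique_id=T1027,technique_name=Obfuscated Files or Information"` predicate in the first hunk leaves `` `indextime` `sysmon` `` as the whole base search, so the query now pulls every sysmon event instead of the T1027-tagged subset and runs the `eval` over all of them; unless the lines between the two hunks (file lines 6–9, not shown here) narrow the set, the only remaining filter is `process_create_whitelist` at the end. The metadata fields left in place (`mitre_category="Defense_Evasion"`, `mitre_link=".../T1027/"`) then describe a search that is no longer scoped to that technique, which makes the alert's output misleading to whoever triages it. If the widening is deliberate, state it in the document above the code fence, e.g. `Base search is unscoped; event selection relies on the process_create_whitelist macro.`; otherwise restore a scoping predicate on the first search line. The search spans both hunks and continues outside them, so the effect on the unseen lines is inferred.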