From b51508db2f2c83473b7bd0c3f768cb514bb4986d Mon Sep 17 00:00:00 2001
From: junk
Date: Tue, 3 Dec 2024 11:21:09 -0500
Subject: [PATCH] Update splunk_alert.md

---
 splunk_alert.md | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/splunk_alert.md b/splunk_alert.md
index 5073c4e..16ba581 100644
--- a/splunk_alert.md
+++ b/splunk_alert.md
@@ -6,7 +6,7 @@ mitre_technique="Create or Modify System Process",
 mitre_subtechnique_id="T1543.001",
 mitre_subtechnique="Launch Agent",
 mitre_category="Persistence",
-apt=mvappend("APT28", "APT29"),
+apt=mvappend("APT28", ""),
 hunting_trigger="Look for unusual modifications to system processes.",
 mitre_link="https://attack.mitre.org/techniques/T1543/",
 creator="Cpl Iverson",
@@ -17,7 +17,5 @@ priority="High"
 | `process_create_whitelist`
 | eval indextime = _indextime
 | convert ctime(indextime)
-| eval indextime = _indextime
-| convert ctime(indextime)
 | table _time indextime event_description hash_sha256 host_fqdn user_name original_file_name process_path process_guid process_parent_path process_id process_parent_id process_command_line process_parent_command_line process_parent_guid mitre_category mitre_technique mitre_technique_id mitre_subtechnique_id mitre_subtechnique apt hunting_trigger mitre_link upload_date last_modify_date mitre_version priority
 ```
\ No newline at end of file
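Review bot: The new line `apt=mvappend("APT28", ""),` in the first hunk still builds a two-element multivalue field, now with an empty string as the second value, so the `apt` column in the final `table` output and any alert consumer that reads the attribution will carry a blank entry rather than a single value. If the intent is to drop the APT29 attribution, `apt="APT28",` expresses that directly; if a multivalue type must be kept for consistency with other alerts in this repo, `apt=mvappend("APT28"),` does so without the placeholder (how Splunk renders an empty mvappend element can vary by context, so confirm in the alert's actual output). It would also help to record why the attribution changed, e.g. a `<!-- attribution narrowed to APT28 on <date>: <reason> -->` note above the code fence in this markdown file, since detection metadata changes are otherwise invisible in the alert itself. The `eval` that carries these field assignments starts above the hunk, so the surrounding statement is not visible here. The second hunk only removes a duplicated `eval`/`convert` pair and needs no further change.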