From 3791f25b6bcb7726c47178d389d04d6e81035171 Mon Sep 17 00:00:00 2001
From: dluxtron <106139814+dluxtron@users.noreply.github.com>
Date: Tue, 2 Jul 2024 12:03:46 +1000
Subject: [PATCH] Adding new detections
---
 .../detect_distributed_password_spray_attempts.yml | 4 ++++
 detections/application/detect_password_spray_attempts.yml | 4 ++++
 2 files changed, 8 insertions(+)
diff --git a/detections/application/detect_distributed_password_spray_attempts.yml b/detections/application/detect_distributed_password_spray_attempts.yml
index be4c070da1..49332f4831 100644
--- a/detections/application/detect_distributed_password_spray_attempts.yml
+++ b/detections/application/detect_distributed_password_spray_attempts.yml
@@ -51,6 +51,10 @@ tags:
 type: Endpoint
 role:
 - Attacker
+ - name: sourcetype
+ type: Other
+ role:
+ - Victim
 product:
 - Splunk Enterprise
 - Splunk Enterprise Security
diff --git a/detections/application/detect_password_spray_attempts.yml b/detections/application/detect_password_spray_attempts.yml
index 9c0ea37da0..b5bf2c435b 100644
--- a/detections/application/detect_password_spray_attempts.yml
+++ b/detections/application/detect_password_spray_attempts.yml
@@ -49,6 +49,10 @@ tags:
 type: Endpoint
 role:
 - Attacker
+ - name: sourcetype
+ type: Other
+ role:
+ - Victim
 product:
 - Splunk Enterprise
 - Splunk Enterprise Security
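Review bot: The new `sourcetype` observable with `role: - Victim`, added identically in detect_distributed_password_spray_attempts.yml and detect_password_spray_attempts.yml, makes a log source rather than an account or host the victim entity. If Victim observables drive risk attribution, as they appear to in this content format, every spray seen through one sourcetype accumulates on a single coarse object and an analyst cannot tell from the risk event which accounts were targeted. The searches sit outside both hunks, so please confirm that `sourcetype` survives into the final result set, and prefer a user or destination field there if the search outputs one. If the log source is kept deliberately, record the reason next to the entry, for example `# victim is the log source: the search aggregates across accounts and outputs no per-user field`. The `tags:` block in both files continues outside the hunks.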