Modeling rules fixes (demisto#24259)

* save * save no exit_code * save not fail on test-modeling-rules * remove ciscoasa changes
VukaHeavyIndustries · Feb 6, 2024 · f23895e · f23895e
1 parent 4bd3b4d
commit f23895e
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/Packs/Auditd/ModelingRules/Auditd_1_3/Auditd_1_3_testdata.json b/Packs/Auditd/ModelingRules/Auditd_1_3/Auditd_1_3_testdata.json
@@ -5,7 +5,9 @@
             "vendor": "unix",
             "product": "auditd",
             "dataset": "unix_auditd_raw",
-            "event_data": {"_raw_log": "<13>Nov 24 12:20:01 somehost123 audispd: node=czstlls086.prg-dc.dhl.com type=LOGIN msg=audit(1669288801.814:57688940): pid=26435 uid=0 old auid=7632 new auid=0 old ses=337905 new ses=357883"},
+            "event_data": {
+                "_raw_log": "<13>Jan 29 12:20:01 somehost123 audispd: node=czstlls086.prg-dc.dhl.com type=LOGIN msg=audit(1675162708.814:57688940): pid=26435 uid=0 old auid=7632 new auid=0 old ses=337905 new ses=357883"
+            },
             "expected_values": {
                 "xdm.source.user.identifier": "0",
                 "xdm.event.outcome": null,
@@ -16,7 +18,7 @@
                 "xdm.source.user.username": null,
                 "xdm.source.ipv4": null,
                 "xdm.event.id": "57688940",
-                "xdm.source.process.pid": "26435",
+                "xdm.source.process.pid": 26435.0,
                 "xdm.event.type": "LOGIN",
                 "xdm.source.process.command_line": null
             }