From d7ad765f2e59428c5c6ee4db53b024972b379fb7 Mon Sep 17 00:00:00 2001
From: Rod Soto <rsoto@splunk.com>
Date: Wed, 12 Nov 2025 12:30:46 -0500
Subject: [PATCH 1/2] fixedlinks

---
 .../local_llms/suspicious_local_llm_frameworks.yml            | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/datasets/suspicious_behaviour/local_llms/suspicious_local_llm_frameworks.yml b/datasets/suspicious_behaviour/local_llms/suspicious_local_llm_frameworks.yml
index 7314bd74..66cf37fe 100644
--- a/datasets/suspicious_behaviour/local_llms/suspicious_local_llm_frameworks.yml
+++ b/datasets/suspicious_behaviour/local_llms/suspicious_local_llm_frameworks.yml
@@ -8,10 +8,10 @@ mitre_technique: []
 datasets:
 - name: sysmon_local_llms
   path: /datasets/local_llms/sysmon_local_llms.txt
-  source: https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/suspicious_behaviour/sysmon_local_llms.txt
+  source: https://raw.githubusercontent.com/splunk/attack_data/master/datasets/suspicious_behaviour/sysmon_local_llms.txt
   sourcetype: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
 - name: 4688_local_llms
   path: /datasets/local_llms/4688_local_llms.txt
-  source: https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/suspicious_behaviour/local_llms/4688_local_llms.txt
+  source: https://raw.githubusercontent.com/splunk/attack_data/master/datasets/suspicious_behaviour/local_llms/4688_local_llms.txt
   sourcetype: XmlWinEventLog:Security
 

From 10dc402759f12809569bf05afc934e131791d356 Mon Sep 17 00:00:00 2001
From: Rod Soto <rsoto@splunk.com>
Date: Wed, 12 Nov 2025 12:33:21 -0500
Subject: [PATCH 2/2] fixedlinks

---
 .../local_llms/suspicious_local_llm_frameworks.yml              | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/datasets/suspicious_behaviour/local_llms/suspicious_local_llm_frameworks.yml b/datasets/suspicious_behaviour/local_llms/suspicious_local_llm_frameworks.yml
index 66cf37fe..346ac734 100644
--- a/datasets/suspicious_behaviour/local_llms/suspicious_local_llm_frameworks.yml
+++ b/datasets/suspicious_behaviour/local_llms/suspicious_local_llm_frameworks.yml
@@ -1,7 +1,7 @@
 author: Rod Soto
 id: f936bf82-07dd-40f9-a04b-c8b392cafc97
 date: '2025-11-12'
-description: These datasets contain events related to suspicious executions of local LLM frameworks on endpoints, which may indicate potential misuse or unauthorized activities.
+description: These datasets contain events related to suspicious executions of local LLM frameworks on endpoints, which may indicate installation and potential misuse or unauthorized activities.
 environment: attack_range
 directory: local_llms
 mitre_technique: []