From 7f6ffdcea26120d83127593b2fe49a9c8293b8d6 Mon Sep 17 00:00:00 2001 From: JeffMichelmore <104797991+JeffMichelmore@users.noreply.github.com> Date: Wed, 25 Oct 2023 10:05:18 -0500 Subject: [PATCH] Update T1562.001.yaml --- atomics/T1562.001/T1562.001.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/atomics/T1562.001/T1562.001.yaml b/atomics/T1562.001/T1562.001.yaml index 2d134524e6..9f5e9db3a8 100644 --- a/atomics/T1562.001/T1562.001.yaml +++ b/atomics/T1562.001/T1562.001.yaml @@ -926,7 +926,7 @@ atomic_tests: elevation_required: false - name: Tamper with Defender ATP on Linux/MacOS description: | - With root privileges, an adversary can disable real time protection. Note, this test assumes Defender is not in passive mode and real-time protection is enabled. The use of a managed.json on Linux or Defender .plist on MacOS will prevent these changes. Tamper protection will also prevent this (available on MacOS, but not Linux at the time of writing). + With root privileges, an adversary can disable real time protection. Note, this test assumes Defender is not in passive mode and real-time protection is enabled. The use of a managed.json on Linux or Defender .plist on MacOS will prevent these changes. Tamper protection will also prevent this (available on MacOS, but not Linux at the time of writing). Installation of MDATP is a prerequisite. Installation steps vary across MacOS and Linux distros. See Microsoft public documentation for instructions: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/mac-install-manually?view=o365-worldwide https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/linux-install-manually?view=o365-worldwide supported_platforms: - linux - macos
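Review bot: In the added description text, the MDATP installation prerequisite is stated only as prose, so a run on a host without Defender installed gets no clear signal about why the test failed. If this test does not already declare a dependency check for the Defender installation, add one alongside this description change rather than relying on the note. The two documentation URLs are appended back to back with nothing saying which is for macOS and which is for Linux, and both carry the `?view=o365-worldwide` query string. Put each on its own line with its platform named, and drop the query string so the links are shorter and less tied to one documentation view. "MDATP" appears here for the first time while the test name says "Defender ATP", so use one name or expand the abbreviation. The subject "Update T1562.001.yaml" does not say what changed; a subject that mentions the documented install prerequisite would be easier to find in history.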