From f1d7ac36eb6c7427fb14244e7dba645d9473ea35 Mon Sep 17 00:00:00 2001
From: Yacine Elhamer <16624109+yelhamer@users.noreply.github.com>
Date: Mon, 3 Jul 2023 02:48:24 +0100
Subject: [PATCH] Update test_rules.py

---
 tests/test_rules.py | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/tests/test_rules.py b/tests/test_rules.py
index 500af0b6..d62684c3 100644
--- a/tests/test_rules.py
+++ b/tests/test_rules.py
@@ -387,10 +387,12 @@ def test_subscope_rules():
                                 dynamic: process
                         features:
                             - and:
-                                - string: yo
-                                - instruction:
-                                    - mnemonic: shr
-                                    - number: 5
+                                - string: /etc/shadow
+                                - or:
+                                    - api: open
+                                    - instruction:
+                                        - mnemonic: syscall
+                                        - number: 2 = open syscall number
                     """
                 )
             ),