diff --git a/contentctl.yml b/contentctl.yml
index 10c28bd95b..c8ac7464f4 100644
--- a/contentctl.yml
+++ b/contentctl.yml
@@ -171,11 +171,11 @@ apps:
   description: description of app
   hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/splunk-add-on-for-microsoft-office-365_510.tgz
 - uid: 2890
-  title: Splunk Machine Learning Toolkit
+  title: Splunk AI Toolkit
   appid: SPLUNK_MACHINE_LEARNING_TOOLKIT
   version: 5.5.0
   description: description of app
-  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/splunk-machine-learning-toolkit_550.tgz
+  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/splunk-ai-toolkit_570.tgz
 - uid: 5518
   title: Splunk add on for Microsoft Defender Advanced Hunting
   appid: SPLUNK_ADD_ON_FOR_MICROSOFT_DEFENDER_ADVANCED_HUNTING
@@ -209,9 +209,9 @@ apps:
 - uid: 2882
   title: Python for Scientific Computing (for Linux 64-bit)
   appid: Splunk_SA_Scientific_Python_linux_x86_64
-  version: 4.2.2
+  version: 4.3.0
   description: PSC for MLTK
-  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/python-for-scientific-computing-for-linux-64-bit_422.tgz
+  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/python-for-scientific-computing-for-linux-64-bit_430.tgz
 - uid: 6254
   title: Splunk Add-on for Github
   appid: Splunk_TA_github
diff --git a/detections/endpoint/potentially_malicious_code_on_commandline.yml b/detections/endpoint/potentially_malicious_code_on_commandline.yml
index e89cece1a1..fa4041aa24 100644
--- a/detections/endpoint/potentially_malicious_code_on_commandline.yml
+++ b/detections/endpoint/potentially_malicious_code_on_commandline.yml
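Review bot: On the uid 2890 entry the new `hardcoded_path` points at `splunk-ai-toolkit_570.tgz`, but the unchanged `version: 5.5.0` two lines above still describes the old MLTK tarball, so the version recorded for this app no longer matches the archive that will actually be installed. If that tarball is the 5.7.0 release the line should read `version: 5.7.0`; the sibling hunk for uid 2882 bumps `version` and `hardcoded_path` together, which is the pattern to follow here. Since none of the visible fields pins a digest for the archive, the version string is the only record of what was deployed, which makes the mismatch more than cosmetic. Whether `appid: SPLUNK_MACHINE_LEARNING_TOOLKIT` is still the correct id after the rename is not visible here and should be confirmed against the repackaged app's own app.conf.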
@@ -47,8 +47,9 @@ tags:
   - Splunk Cloud
   security_domain: endpoint
 tests:
-  - name: True Positive Test
-    attack_data:
-      - data: https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1059.001/malicious_cmd_line_samples/windows-sysmon.log
-        source: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
-        sourcetype: XmlWinEventLog
+- name: True Positive Test
+  attack_data:
+  - data: https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1059.001/malicious_cmd_line_samples/windows-sysmon.log
+    source: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
+    sourcetype: XmlWinEventLog
+