diff --git a/Trend Micro/trend-micro-vision-one-oat/tests/test_observed_attack_technique_4.json b/Trend Micro/trend-micro-vision-one-oat/tests/test_observed_attack_technique_4.json
index c6dbb6e9d..27b4018d5 100644
--- a/Trend Micro/trend-micro-vision-one-oat/tests/test_observed_attack_technique_4.json
+++ b/Trend Micro/trend-micro-vision-one-oat/tests/test_observed_attack_technique_4.json
@@ -1,9 +1,9 @@
 {
 "input": {
- "message": "{\"uuid\":\"05c522d1-e2d8-42da-a06d-1b2a0535b4cf\",\"filterRiskLevel\":\"medium\",\"request\":\"https://urlshorter.net/wjhHjf\",\"attachmentFileName\":[\"Mail Body\"],\"objectType\":\"url\",\"suid\":\"XXXX@test.com\",\"suser\":[\"XXXXXX@test.com\"],\"mailMsgSubject\":\"XXXXXXXXXXX.\",\"msgId\":\"XXXXX@test.com\",\"tags\":[\"THREAT.PHISHING\",\"MITRE.T1071\",\"MITRE.T1071.003\",\"MITRE.T1566.002\",\"XSAE.F1906\",\"XSAE.F3036\",\"XSAE.F4960\"],\"eventName\":\"WEB_THREAT_DETECTION\",\"eventSubName\":\"Web Security Violation\",\"eventId\":\"100101\",\"actResult\":[\"Successful\"],\"scanType\":\"exchange_mailbox_realtime_detection_logs\",\"productCode\":\"sca\",\"pname\":\"Cloud Email and Collaboration Protection\",\"act\":[\"Quarantine\"],\"msgUuid\":\"AAkALgAAAAAAHYQDEapmEc2byACqAC-EWg0A7dXJVkGT2UayhNKtrEISCgACGlUj_gAA\",\"orgId\":\"XXXXXX-xxxxx-XXXXXX-Xx\",\"groupId\":\"XXXXXX-xxxxx-XXXXXX-Xx\",\"urlCat\":[\"Phishing\"],\"policyName\":\"CUGR-politique_principale\",\"detectionType\":\"Web Reputation\",\"eventTime\":\"1733960830000\",\"logReceivedTime\":\"1733960918475\",\"scanTs\":\"2024-12-11T23:48:01.0000000Z\",\"mailMsgId\":\"048ffc9460a48e85a609802bf6dfb5bfe6cb37b1@test.com\",\"mailReceivedTime\":\"2024-12-11T23:47:10.0000000Z\",\"eventSourceType\":3,\"mailbox\":\"XXXX@test.com\",\"threatType\":\"104\",\"mailUniqueId\":\"AAkALgAAAAAAHYQDEapmEc2byACqAC-EWg0A7dXJVkGT2UayhNKtrEISCgACGlUj_gAA\",\"rt_utc\":\"2024-12-11T23:47:10.0000000Z\",\"rt\":\"2024-12-11T23:47:10.0000000Z\",\"filterName\":\"Web Reputation\",\"logKey\":\"c6ce5d74664fffb9011f9e8e2c99a7f1f1d03348b2f7c1f80edaae2eef23b665\",\"cloudAppName\":\"exchange\",\"mailFolder\":\"XXXX@test.com\",\"riskLevel\":\"RISK_DANGEROUS\"}"
+ "message": "{\"uuid\":\"05c522d1-e2d8-42da-a06d-1b2a0535b4cf\",\"filterRiskLevel\":\"medium\",\"request\":\"https://urlshorter.net/wjhHjf\",\"attachmentFileName\":[\"Mail 
Body\"],\"objectType\":\"url\",\"suid\":\"XXXX@test.com\",\"suser\":[\"XXXXXX@test.com\"],\"mailMsgSubject\":\"XXXXXXXXXXX.\",\"msgId\":\"XXXXX@test.com\",\"tags\":[\"THREAT.PHISHING\",\"MITRE.T1071\",\"MITRE.T1071.003\",\"MITRE.T1566.002\",\"XSAE.F1906\",\"XSAE.F3036\",\"XSAE.F4960\"],\"eventName\":\"WEB_THREAT_DETECTION\",\"eventSubName\":\"Web Security Violation\",\"eventId\":\"100101\",\"actResult\":[\"Successful\"],\"scanType\":\"exchange_mailbox_realtime_detection_logs\",\"productCode\":\"sca\",\"pname\":\"Cloud Email and Collaboration Protection\",\"act\":[\"Quarantine\"],\"msgUuid\":\"AAkALgAAAAAAHYQDEapmEc2byACqAC-EWg0A7dXJVkGT2UayhNKtrEISCgACGlUj_gAA\",\"orgId\":\"XXXXXX-xxxxx-XXXXXX-Xx\",\"groupId\":\"XXXXXX-xxxxx-XXXXXX-Xx\",\"urlCat\":[\"Phishing\"],\"policyName\":\"MyPolicy\",\"detectionType\":\"Web Reputation\",\"eventTime\":\"1733960830000\",\"logReceivedTime\":\"1733960918475\",\"scanTs\":\"2024-12-11T23:48:01.0000000Z\",\"mailMsgId\":\"048ffc9460a48e85a609802bf6dfb5bfe6cb37b1@test.com\",\"mailReceivedTime\":\"2024-12-11T23:47:10.0000000Z\",\"eventSourceType\":3,\"mailbox\":\"XXXX@test.com\",\"threatType\":\"104\",\"mailUniqueId\":\"AAkALgAAAAAAHYQDEapmEc2byACqAC-EWg0A7dXJVkGT2UayhNKtrEISCgACGlUj_gAA\",\"rt_utc\":\"2024-12-11T23:47:10.0000000Z\",\"rt\":\"2024-12-11T23:47:10.0000000Z\",\"filterName\":\"Web Reputation\",\"logKey\":\"c6ce5d74664fffb9011f9e8e2c99a7f1f1d03348b2f7c1f80edaae2eef23b665\",\"cloudAppName\":\"exchange\",\"mailFolder\":\"XXXX@test.com\",\"riskLevel\":\"RISK_DANGEROUS\"}"
 },
 "expected": {
- "message": "{\"uuid\":\"05c522d1-e2d8-42da-a06d-1b2a0535b4cf\",\"filterRiskLevel\":\"medium\",\"request\":\"https://urlshorter.net/wjhHjf\",\"attachmentFileName\":[\"Mail 
Body\"],\"objectType\":\"url\",\"suid\":\"XXXX@test.com\",\"suser\":[\"XXXXXX@test.com\"],\"mailMsgSubject\":\"XXXXXXXXXXX.\",\"msgId\":\"XXXXX@test.com\",\"tags\":[\"THREAT.PHISHING\",\"MITRE.T1071\",\"MITRE.T1071.003\",\"MITRE.T1566.002\",\"XSAE.F1906\",\"XSAE.F3036\",\"XSAE.F4960\"],\"eventName\":\"WEB_THREAT_DETECTION\",\"eventSubName\":\"Web Security Violation\",\"eventId\":\"100101\",\"actResult\":[\"Successful\"],\"scanType\":\"exchange_mailbox_realtime_detection_logs\",\"productCode\":\"sca\",\"pname\":\"Cloud Email and Collaboration Protection\",\"act\":[\"Quarantine\"],\"msgUuid\":\"AAkALgAAAAAAHYQDEapmEc2byACqAC-EWg0A7dXJVkGT2UayhNKtrEISCgACGlUj_gAA\",\"orgId\":\"XXXXXX-xxxxx-XXXXXX-Xx\",\"groupId\":\"XXXXXX-xxxxx-XXXXXX-Xx\",\"urlCat\":[\"Phishing\"],\"policyName\":\"CUGR-politique_principale\",\"detectionType\":\"Web Reputation\",\"eventTime\":\"1733960830000\",\"logReceivedTime\":\"1733960918475\",\"scanTs\":\"2024-12-11T23:48:01.0000000Z\",\"mailMsgId\":\"048ffc9460a48e85a609802bf6dfb5bfe6cb37b1@test.com\",\"mailReceivedTime\":\"2024-12-11T23:47:10.0000000Z\",\"eventSourceType\":3,\"mailbox\":\"XXXX@test.com\",\"threatType\":\"104\",\"mailUniqueId\":\"AAkALgAAAAAAHYQDEapmEc2byACqAC-EWg0A7dXJVkGT2UayhNKtrEISCgACGlUj_gAA\",\"rt_utc\":\"2024-12-11T23:47:10.0000000Z\",\"rt\":\"2024-12-11T23:47:10.0000000Z\",\"filterName\":\"Web Reputation\",\"logKey\":\"c6ce5d74664fffb9011f9e8e2c99a7f1f1d03348b2f7c1f80edaae2eef23b665\",\"cloudAppName\":\"exchange\",\"mailFolder\":\"XXXX@test.com\",\"riskLevel\":\"RISK_DANGEROUS\"}",
+ "message": "{\"uuid\":\"05c522d1-e2d8-42da-a06d-1b2a0535b4cf\",\"filterRiskLevel\":\"medium\",\"request\":\"https://urlshorter.net/wjhHjf\",\"attachmentFileName\":[\"Mail 
Body\"],\"objectType\":\"url\",\"suid\":\"XXXX@test.com\",\"suser\":[\"XXXXXX@test.com\"],\"mailMsgSubject\":\"XXXXXXXXXXX.\",\"msgId\":\"XXXXX@test.com\",\"tags\":[\"THREAT.PHISHING\",\"MITRE.T1071\",\"MITRE.T1071.003\",\"MITRE.T1566.002\",\"XSAE.F1906\",\"XSAE.F3036\",\"XSAE.F4960\"],\"eventName\":\"WEB_THREAT_DETECTION\",\"eventSubName\":\"Web Security Violation\",\"eventId\":\"100101\",\"actResult\":[\"Successful\"],\"scanType\":\"exchange_mailbox_realtime_detection_logs\",\"productCode\":\"sca\",\"pname\":\"Cloud Email and Collaboration Protection\",\"act\":[\"Quarantine\"],\"msgUuid\":\"AAkALgAAAAAAHYQDEapmEc2byACqAC-EWg0A7dXJVkGT2UayhNKtrEISCgACGlUj_gAA\",\"orgId\":\"XXXXXX-xxxxx-XXXXXX-Xx\",\"groupId\":\"XXXXXX-xxxxx-XXXXXX-Xx\",\"urlCat\":[\"Phishing\"],\"policyName\":\"MyPolicy\",\"detectionType\":\"Web Reputation\",\"eventTime\":\"1733960830000\",\"logReceivedTime\":\"1733960918475\",\"scanTs\":\"2024-12-11T23:48:01.0000000Z\",\"mailMsgId\":\"048ffc9460a48e85a609802bf6dfb5bfe6cb37b1@test.com\",\"mailReceivedTime\":\"2024-12-11T23:47:10.0000000Z\",\"eventSourceType\":3,\"mailbox\":\"XXXX@test.com\",\"threatType\":\"104\",\"mailUniqueId\":\"AAkALgAAAAAAHYQDEapmEc2byACqAC-EWg0A7dXJVkGT2UayhNKtrEISCgACGlUj_gAA\",\"rt_utc\":\"2024-12-11T23:47:10.0000000Z\",\"rt\":\"2024-12-11T23:47:10.0000000Z\",\"filterName\":\"Web Reputation\",\"logKey\":\"c6ce5d74664fffb9011f9e8e2c99a7f1f1d03348b2f7c1f80edaae2eef23b665\",\"cloudAppName\":\"exchange\",\"mailFolder\":\"XXXX@test.com\",\"riskLevel\":\"RISK_DANGEROUS\"}",
 "event": {
 "action": "Quarantine",
 "category": [
@@ -38,7 +38,7 @@
 "id": "XXXXXX-xxxxx-XXXXXX-Xx"
 },
 "rule": {
- "ruleset": "CUGR-politique_principale"
+ "ruleset": "MyPolicy"
 },
 "trendmicro": {
 "visionone": {
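Review bot: The scrub is partial — `policyName` and `rule.ruleset` now read MyPolicy, but the same message string in both hunks still carries values that look like they came from a real tenant: the live-looking short URL in `request`, the Exchange item identifiers in `msgUuid`/`mailUniqueId`, the `mailMsgId` and `logKey` hashes, and the `uuid`, while the obviously placeholder fields (`suid`, `orgId`, `groupId`) use XXXX patterns. If the goal of the commit is to remove customer-identifying data, those fields should be replaced with constructed placeholders of the same shape (for example `\"request\":\"https://example.invalid/placeholder\"`) in the input and expected strings alike, so the parser test still exercises the same field mappings. A URL that the fixture itself labels as Phishing is also something link scanners and readers will resolve once it sits in a committed test file, which is a further reason to swap it for a reserved-domain placeholder. The first hunk covers only the two message strings; the rest of the expected block, including any field that would be derived from `request`, lies between the hunks and is not visible here.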