diff --git a/atomics/T1056.001/T1056.001.yaml b/atomics/T1056.001/T1056.001.yaml index 6085dc85..8c202651 100644 --- a/atomics/T1056.001/T1056.001.yaml +++ b/atomics/T1056.001/T1056.001.yaml @@ -2,6 +2,7 @@ attack_technique: T1056.001 display_name: 'Input Capture: Keylogging' atomic_tests: - name: Input Capture + auto_generated_guid: d9b633ca-8efb-45e6-b838-70f595c6ae26 description: | Utilize PowerShell and external resource to capture keystrokes [Payload](https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.001/src/Get-Keystrokes.ps1) @@ -24,6 +25,7 @@ atomic_tests: name: powershell elevation_required: true - name: Living off the land Terminal Input Capture on Linux with pam.d + auto_generated_guid: 9c6bdb34-a89f-4b90-acb1-5970614c711b description: | Pluggable Access Module, which is present on all modern Linux systems, generally contains a library called pam_tty_audit.so which logs all keystrokes for the selected users and sends it to audit.log. All terminal activity on any new logins would then be archived and readable by an adversary with elevated privledges.
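Review bot: The Payload link in the description of the `Input Capture` test (first hunk, `@@ -2,6 +2,7 @@`) points at `blob/master/.../src/Get-Keystrokes.ps1`, a moving branch, so the script behind the link can change independently of the test that `auto_generated_guid: d9b633ca-8efb-45e6-b838-70f595c6ae26` now identifies. If the GUID is meant to be a stable handle for this test, consider referencing the payload by its in-repo path under `atomics/T1056.001/src/` or by a commit-pinned URL, so that the identifier and the code it refers to stay in step. The test name `Input Capture` is also identical to the first half of the `display_name`, so the GUID is the only thing distinguishing it in tooling output; a more specific name would help anyone reading results.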
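Review bot: The description under the test that receives the new GUID in the second hunk (`@@ -24,6 +25,7 @@`, `Living off the land Terminal Input Capture on Linux with pam.d`) has wording errors that are worth fixing while this entry is being touched: "Pluggable Access Module" should read "Pluggable Authentication Modules", "privledges" should be "privileges", and "logs all keystrokes ... and sends it to audit.log" should be "sends them". None of this affects the added `auto_generated_guid: 9c6bdb34-a89f-4b90-acb1-5970614c711b` line itself, which is placed consistently with the first hunk (directly after `name`), but the description is what defenders read to understand what `pam_tty_audit.so` records, so it should be accurate.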