diff --git a/tests/ubuntu/test_ssh.json b/tests/ubuntu/test_ssh.json
index c46f02b..c684ef7 100644
--- a/tests/ubuntu/test_ssh.json
+++ b/tests/ubuntu/test_ssh.json
@@ -18,7 +18,11 @@
 "RuleDescription": "sshd: Attempt to login using a non-existent user",
 "LogFilePath": "5710-local-net.txt",
 "Predecoder": {},
- "Decoder": {}
+ "Decoder": {
+ "srcip": "10.0.0.4",
+ "srcport": "59528",
+ "srcuser": "non-existent"
+ }
 }
 ]
-}
\ No newline at end of file
+}
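Review bot: The new `Decoder` expectations pin `srcip`, `srcport` and `srcuser` for a single well-formed username (`non-existent`), but `srcuser` is the one field in this log line whose text is chosen by the remote client. A second case under the same rule, with a log sample whose username contains whitespace or other separator characters, would confirm that the decoder still takes `srcip` and `srcport` from the connection fields rather than from the username text. `Predecoder` stays `{}` in this entry; if the harness treats an empty object as "no assertion", the test does not pin which program the line was attributed to, which is worth confirming. The log file `5710-local-net.txt` and the rest of the test array are outside the hunk, so this may already be covered elsewhere.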