diff --git a/cowrie/warden_sender_cowrie.py b/cowrie/warden_sender_cowrie.py
index baabc06bb3c3095b4bac2ce35065ec3d1da9bf8e..db056aaa18cc2a1e75477e24fffc6c6e950e2872 100755
--- a/cowrie/warden_sender_cowrie.py
+++ b/cowrie/warden_sender_cowrie.py
@@ -23,6 +23,7 @@ aanonymised = aconfig['anonymised']
 aanonymised_net = aconfig['target_net']
 aanonymised = aanonymised if (aanonymised_net != '0.0.0.0/0') or (aanonymised_net == 'omit') else '0.0.0.0/0'
 awin = aconfig['awin'] * 60
+atest = aconfig['test_mode']
 wclient = Client(**wconfig)
@@ -44,7 +45,7 @@ def gen_event_idea_cowrie_info(detect_time, src_ip, dst_ip, win_start_time, win_
 "DetectTime": detect_time,
 "WinStartTime": win_start_time,
 "WinEndTime": win_end_time,
- "Category": ["Attempt.Login", "Test"],
+ "Category": ["Attempt.Login"],
 "Note": "SSH login attempt",
 "ConnCount": conn_count,
 "Source": [{}],
@@ -58,6 +59,10 @@ def gen_event_idea_cowrie_info(detect_time, src_ip, dst_ip, win_start_time, win_
 }
 ]
 }
+ # Test if we're testing
+ if atest == "true":
+ event["Category"].append('Test')
+
 event = idea_fill_addresses(event, src_ip, dst_ip, aanonymised, aanonymised_net)
 return event
@@ -68,7 +73,7 @@ def gen_event_idea_cowrie_auth(detect_time, src_ip, dst_ip, username, password,
 "Format": "IDEA0",
 "ID": str(uuid4()),
 "DetectTime": detect_time,
- "Category": ["Information.UnauthorizedAccess", "Test"],
+ "Category": ["Information.UnauthorizedAccess"],
 "Note": "SSH successfull attempt",
 "ConnCount": 1,
 "Source": [{}],
@@ -82,6 +87,9 @@ def gen_event_idea_cowrie_auth(detect_time, src_ip, dst_ip, username, password,
 ],
 "Attach": [{ "sessionid": sessionid, "username": username, "password": password }]
 }
+ # Test if we're testing
+ if atest == "true":
+ event["Category"].append('Test')
 event = idea_fill_addresses(event, src_ip, dst_ip, aanonymised, aanonymised_net)
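Review bot: `atest = aconfig['test_mode']` keeps the raw config value, and the later hunks (at -58, -82, -108 and -134) compare it with the string "true", so if aconfig yields a boolean, "True" or "yes" (how aconfig is loaded is not visible in this diff) the Test tag is silently never appended and a test deployment's events go out as live reports. The bare subscript also raises KeyError at import time for every existing config that lacks the new key, unlike a documented default. Normalise once at load, `atest = str(aconfig.get('test_mode', 'true')).strip().lower() == 'true'`, and reduce the four checks to `if atest:`; defaulting to test mode seems the safer direction, since an event without the Test category is presumably treated as a live detection by the receiving Warden server.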
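Review bot: The three lines `# Test if we're testing` / `if atest == "true":` / `event["Category"].append('Test')` are pasted verbatim into four event generators (this hunk and those at -82, -108 and -134), so any change to how test mode is decided must be repeated four times and the copies can drift (this one already differs from the others by its trailing blank `+` line). A small module-level helper called once before `idea_fill_addresses` keeps the decision in one place; the comment should also say why rather than restate the condition, e.g. `# Tag as Test so receivers can tell a test deployment's events from live detections`. The enclosing function gen_event_idea_cowrie_info starts outside the hunk.
```python
def _tag_test_event(event):
    """Append the IDEA 'Test' category when the sender runs in test mode."""
    # Tag as Test so receivers can tell a test deployment's events from live detections
    if atest == "true":
        event["Category"].append('Test')
    return event

# … unchanged: event literal in gen_event_idea_cowrie_info …
    event = _tag_test_event(event)
    event = idea_fill_addresses(event, src_ip, dst_ip, aanonymised, aanonymised_net)
```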
@@ -94,7 +102,7 @@ def gen_event_idea_cowrie_ttylog(detect_time, src_ip, dst_ip, sessionid, ttylog,
 "Format": "IDEA0",
 "ID": str(uuid4()),
 "DetectTime": detect_time,
- "Category": ["Information.UnauthorizedAccess", "Test"],
+ "Category": ["Information.UnauthorizedAccess"],
 "Note": "Cowrie ttylog",
 "ConnCount": 1,
 "Source": [{}],
@@ -108,6 +116,9 @@ def gen_event_idea_cowrie_ttylog(detect_time, src_ip, dst_ip, sessionid, ttylog,
 ],
 "Attach": [ { "sessionid": sessionid, "ttylog": ttylog, "iinput": iinput, "smart": iinput } ]
 }
+ # Test if we're testing
+ if atest == "true":
+ event["Category"].append('Test')
 event = idea_fill_addresses(event, src_ip, dst_ip, aanonymised, aanonymised_net)
@@ -120,7 +131,7 @@ def gen_event_idea_cowrie_download(detect_time, src_ip, dst_ip, sessionid, url,
 "Format": "IDEA0",
 "ID": str(uuid4()),
 "DetectTime": detect_time,
- "Category": ["Malware", "Test"],
+ "Category": ["Malware"],
 "Note": "Cowrie download",
 "ConnCount": 1,
 "Source": [{}],
@@ -134,6 +145,9 @@ def gen_event_idea_cowrie_download(detect_time, src_ip, dst_ip, sessionid, url,
 ],
 "Attach": [{ "sessionid": sessionid, "url": url, "outfile": outfile, "smart": url }]
 }
+ # Test if we're testing
+ if atest == "true":
+ event["Category"].append('Test')
 event = idea_fill_addresses(event, src_ip, dst_ip, aanonymised, aanonymised_net)