security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[Bug] Fix ML job IDs that used hyphens (#1287)

Browse Source 
* Fix ML job IDs that used hyphens
* Update ml_high_count_network_denies.toml
* Update ml_spike_in_traffic_to_a_country.toml
* Set updated_date
This commit is contained in:
Ross Wolf
2021-06-15 11:40:47 -06:00
committed by GitHub
parent 177cfc85bf
commit 49cb2e8dbf
4 changed files with 8 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/ml/ml_high_count_network_denies.toml
+2 -2
View File
@@ -1,7 +1,7 @@
[metadata]
creation_date = "2021/04/05"
maturity = "production"
updated_date = "2021/04/05"
updated_date = "2021/06/15"
[rule]
anomaly_threshold = 75
@@ -23,7 +23,7 @@ false_positives = [
from = "now-30m"
interval = "15m"
license = "Elastic License"
machine_learning_job_id = "high-count-network-denies"
machine_learning_job_id = "high_count_network_denies"
name = "Spike in Firewall Denies"
references = ["https://www.elastic.co/guide/en/security/current/prebuilt-ml-jobs.html"]
risk_score = 21
rules/ml/ml_high_count_network_events.toml
+2 -2
View File
@@ -1,7 +1,7 @@
[metadata]
creation_date = "2021/04/05"
maturity = "production"
updated_date = "2021/04/05"
updated_date = "2021/06/15"
[rule]
anomaly_threshold = 75
@@ -23,7 +23,7 @@ false_positives = [
from = "now-30m"
interval = "15m"
license = "Elastic License"
machine_learning_job_id = "high-count-network-events"
machine_learning_job_id = "high_count_network_events"
name = "Spike in Network Traffic"
references = ["https://www.elastic.co/guide/en/security/current/prebuilt-ml-jobs.html"]
risk_score = 21
rules/ml/ml_rare_destination_country.toml
+2 -2
View File
@@ -1,7 +1,7 @@
[metadata]
creation_date = "2021/04/05"
maturity = "production"
updated_date = "2021/04/05"
updated_date = "2021/06/15"
[rule]
anomaly_threshold = 75
@@ -28,7 +28,7 @@ false_positives = [
from = "now-30m"
interval = "15m"
license = "Elastic License"
machine_learning_job_id = "rare-destination-country"
machine_learning_job_id = "rare_destination_country"
name = "Network Traffic to Rare Destination Country"
references = ["https://www.elastic.co/guide/en/security/current/prebuilt-ml-jobs.html"]
risk_score = 21
rules/ml/ml_spike_in_traffic_to_a_country.toml
+2 -2
View File
@@ -1,7 +1,7 @@
[metadata]
creation_date = "2021/04/05"
maturity = "production"
updated_date = "2021/04/05"
updated_date = "2021/06/15"
[rule]
anomaly_threshold = 75
@@ -26,7 +26,7 @@ false_positives = [
from = "now-30m"
interval = "15m"
license = "Elastic License"
machine_learning_job_id = "high-count-by-destination-country"
machine_learning_job_id = "high_count_by_destination_country"
name = "Spike in Network Traffic To a Country"
references = ["https://www.elastic.co/guide/en/security/current/prebuilt-ml-jobs.html"]
risk_score = 21