From 49cb2e8dbf5b5cb3d2c1aa53f6892f3ec5e358e3 Mon Sep 17 00:00:00 2001
From: Ross Wolf <31489089+rw-access@users.noreply.github.com>
Date: Tue, 15 Jun 2021 11:40:47 -0600
Subject: [PATCH] [Bug] Fix ML job IDs that used hyphens (#1287)

* Fix ML job IDs that used hyphens
* Update ml_high_count_network_denies.toml
* Update ml_spike_in_traffic_to_a_country.toml
* Set updated_date
---
 rules/ml/ml_high_count_network_denies.toml | 4 ++--
 rules/ml/ml_high_count_network_events.toml | 4 ++--
 rules/ml/ml_rare_destination_country.toml | 4 ++--
 rules/ml/ml_spike_in_traffic_to_a_country.toml | 4 ++--
 4 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/rules/ml/ml_high_count_network_denies.toml b/rules/ml/ml_high_count_network_denies.toml
index d7f6fdbba..6751a6c52 100644
--- a/rules/ml/ml_high_count_network_denies.toml
+++ b/rules/ml/ml_high_count_network_denies.toml
@@ -1,7 +1,7 @@
 [metadata]
 creation_date = "2021/04/05"
 maturity = "production"
-updated_date = "2021/04/05"
+updated_date = "2021/06/15"

 [rule]
 anomaly_threshold = 75
@@ -23,7 +23,7 @@ false_positives = [
 from = "now-30m"
 interval = "15m"
 license = "Elastic License"
-machine_learning_job_id = "high-count-network-denies"
+machine_learning_job_id = "high_count_network_denies"
 name = "Spike in Firewall Denies"
 references = ["https://www.elastic.co/guide/en/security/current/prebuilt-ml-jobs.html"]
 risk_score = 21
diff --git a/rules/ml/ml_high_count_network_events.toml b/rules/ml/ml_high_count_network_events.toml
index 8f82e3aee..246baf2c3 100644
--- a/rules/ml/ml_high_count_network_events.toml
+++ b/rules/ml/ml_high_count_network_events.toml
@@ -1,7 +1,7 @@
 [metadata]
 creation_date = "2021/04/05"
 maturity = "production"
-updated_date = "2021/04/05"
+updated_date = "2021/06/15"

 [rule]
 anomaly_threshold = 75
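Review bot: The corrected `machine_learning_job_id = "high_count_network_denies"` in the second hunk is still a free-form string that nothing in this patch ties to the job it must reference, so the drift that caused this bug can recur silently — an ML rule whose job ID does not resolve simply stops producing alerts, which is a detection gap rather than a visible error. If the repository already has a test that loads the ML rules and cross-checks each `machine_learning_job_id` against the shipped prebuilt job names, it would be worth extending it to these four rules; if no such check exists, adding one is the durable fix rather than hand-editing the strings. As far as I recall, hyphens are not themselves illegal in Elasticsearch ML job IDs, so the defect appears to be a mismatch with the prebuilt job names rather than an invalid character; saying so in the commit message would stop a future reader from "fixing" other hyphenated IDs that are actually correct.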
@@ -23,7 +23,7 @@ false_positives = [
 from = "now-30m"
 interval = "15m"
 license = "Elastic License"
-machine_learning_job_id = "high-count-network-events"
+machine_learning_job_id = "high_count_network_events"
 name = "Spike in Network Traffic"
 references = ["https://www.elastic.co/guide/en/security/current/prebuilt-ml-jobs.html"]
 risk_score = 21
diff --git a/rules/ml/ml_rare_destination_country.toml b/rules/ml/ml_rare_destination_country.toml
index 84559d6aa..c43a46367 100644
--- a/rules/ml/ml_rare_destination_country.toml
+++ b/rules/ml/ml_rare_destination_country.toml
@@ -1,7 +1,7 @@
 [metadata]
 creation_date = "2021/04/05"
 maturity = "production"
-updated_date = "2021/04/05"
+updated_date = "2021/06/15"

 [rule]
 anomaly_threshold = 75
@@ -28,7 +28,7 @@ false_positives = [
 from = "now-30m"
 interval = "15m"
 license = "Elastic License"
-machine_learning_job_id = "rare-destination-country"
+machine_learning_job_id = "rare_destination_country"
 name = "Network Traffic to Rare Destination Country"
 references = ["https://www.elastic.co/guide/en/security/current/prebuilt-ml-jobs.html"]
 risk_score = 21
diff --git a/rules/ml/ml_spike_in_traffic_to_a_country.toml b/rules/ml/ml_spike_in_traffic_to_a_country.toml
index 42a76680d..b191bde97 100644
--- a/rules/ml/ml_spike_in_traffic_to_a_country.toml
+++ b/rules/ml/ml_spike_in_traffic_to_a_country.toml
@@ -1,7 +1,7 @@
 [metadata]
 creation_date = "2021/04/05"
 maturity = "production"
-updated_date = "2021/04/05"
+updated_date = "2021/06/15"

 [rule]
 anomaly_threshold = 75
@@ -26,7 +26,7 @@ false_positives = [
 from = "now-30m"
 interval = "15m"
 license = "Elastic License"
-machine_learning_job_id = "high-count-by-destination-country"
+machine_learning_job_id = "high_count_by_destination_country"
 name = "Spike in Network Traffic To a Country"
 references = ["https://www.elastic.co/guide/en/security/current/prebuilt-ml-jobs.html"]
 risk_score = 21