security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update External Alerts rule index to match default securitySolution:defaultIndex value (#86)

Browse Source 
## Summary
Updates the External Alerts rule index to match default securitySolution:defaultIndex value


``` toml
index = ["apm-*-transaction*", "auditbeat-*", "endgame-*", "filebeat-*", "logs-*", "packetbeat-*", "winlogbeat-*"]
```

Note: extra spaces are from running `toml-lint`

## Contributor checklist

- Have you signed the [contributor license agreement](https://www.elastic.co/contributor-agreement)? Yes!
- Have you followed the [contributor guidelines](https://github.com/elastic/detection-rules/blob/main/CONTRIBUTING.md)? Yes!
This commit is contained in:
Garrett Spong
2020-07-22 14:37:19 -06:00
committed by GitHub
parent b5213e66b2
commit 4b17cb37f0
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/promotions/external_alerts.toml
+3 -1
View File
@@ -7,9 +7,10 @@ updated_date = "2020/07/08"
[rule]
author = ["Elastic"]
description = """
Generates a detection alert for each external alert written to the configured securitySolution:defaultIndex. Enabling
Generates a detection alert for each external alert written to the configured indices. Enabling
this rule allows you to immediately begin investigating external alerts in the app.
"""
index = ["apm-*-transaction*", "auditbeat-*", "endgame-*", "filebeat-*", "logs-*", "packetbeat-*", "winlogbeat-*"]
language = "kuery"
license = "Elastic License"
max_signals = 10000
@@ -55,3 +56,4 @@ field = "event.severity"
operator = "equals"
value = "99"
severity = "critical"