security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[Rule Tuning] Add timestamp_override to all query and non-sequence EQL rules (#945)

Browse Source 
* [Rule Tuning] Add timestamp_override field to rules
* add tests for lookback and timestamp_override
* fix dates and add test to ensure updated > creation
This commit is contained in:
Justin Ibarra
2021-02-17 19:49:58 -09:00
committed by GitHub
parent 134b310fdd
commit 645a0cd67b
184 changed files with 436 additions and 164 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/cross-platform/execution_python_script_in_cmdline.toml
+2 -1
View File
@@ -1,7 +1,7 @@
[metadata]
creation_date = "2021/01/13"
maturity = "development"
updated_date = "2021/01/13"
updated_date = "2021/02/11"
[rule]
author = ["Elastic"]
@@ -19,6 +19,7 @@ risk_score = 47
rule_id = "ee9f08dc-cf80-4124-94ae-08c405f059ae"
severity = "medium"
tags = ["Elastic", "Host", "Linux", "macOS", "Windows", "Threat Detection", "Execution"]
timestamp_override = "event.ingested"
type = "eql"
query = '''