[Rule Tuning] Standardizing Risk Score according to Severity (#2242)

Jonhnathan
2022-08-21 22:29:39 -03:00
committed by GitHub
parent fbfe1e3530
commit 6e2d20362a
23 changed files with 46 additions and 46 deletions
@@ -1,7 +1,7 @@
[metadata]
creation_date = "2022/07/11"
maturity = "production"
updated_date = "2022/07/11"
updated_date = "2022/08/17"
[rule]
author = ["Elastic"]
@@ -16,7 +16,7 @@ name = "Kernel module load via insmod"
references = [
"https://decoded.avast.io/davidalvarez/linux-threat-hunting-syslogk-a-kernel-rootkit-found-under-development-in-the-wild/"
]
risk_score = 85
risk_score = 47
rule_id = "2339f03c-f53f-40fa-834b-40c5983fc41f"
severity = "medium"
tags = ["Elastic", "Host", "Linux", "Threat Detection", "Persistence", "Rootkit"]
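Review bot: The new `risk_score = 47` resolves the mismatch with `severity = "medium"` by lowering the score, but the prior value of 85 for this rule suggests its author rated the threat higher than medium, and the commit picks severity as the source of truth without saying why. Lowering the score here changes how alerts for a rootkit persistence technique rank during triage, so the decision deserves to be explicit: if medium is intended, say so in the PR description or in the rule's `description`; if not, the alternative is to raise `severity` to `"high"` and set `risk_score` to the standardized score for that level. The same mechanical mapping presumably applies to the other files in this commit, so the same question applies wherever the old score implied a higher severity than the one kept. The `[rule]` table continues outside the hunk.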