[Rule Tuning] Change default time query for rounding days (#1713)

* Change default time query for rounding days

* Update date

* Revert rule updated_data

* Restore threat_query
Khristinin Nikita
2022-01-28 20:34:14 +01:00
committed by GitHub
parent edd0df5e1a
commit 87c7210aab
2 changed files with 4 additions and 4 deletions
@@ -1,7 +1,7 @@
[metadata]
creation_date = "2021/11/24"
maturity = "production"
updated_date = "2021/11/24"
updated_date = "2022/01/26"
min_stack_comments = "Threat index is ECS 1.11 compliant (8.0)."
min_stack_version = "8.0"
@@ -72,7 +72,7 @@ threat_indicator_path = "threat.indicator"
threat_language = "kuery"
threat_query = '''
@timestamp >= "now-30d" and event.dataset:ti_* and
@timestamp >= "now-30d/d" and event.dataset:ti_* and
(threat.indicator.file.hash.*:* or threat.indicator.file.pe.imphash:* or threat.indicator.ip:* or
threat.indicator.registry.path:* or threat.indicator.url.full:*)
'''
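Review bot: The new lower bound `@timestamp >= "now-30d/d"` rounds down to the start of the day (in the query's time zone, UTC unless the rule sets one), so the indicator lookback is now 30 to 31 days rather than exactly 30, and nothing in the rule file records why the rounding was introduced. The commit title only says "rounding days"; presumably the goal is a lower bound that stays constant within a day so the indicator filter is stable and cacheable, which should be stated where the next tuner will see it, e.g. above the query: `# Day-rounded lower bound: stable within a day (cacheable); lookback is 30-31 days, not exactly 30`. The same change and the same missing note apply to the second file's threat_query hunk (the `@@ -72,7 +72,7 @@` hunk after the second `[metadata]` block). The enclosing `[rule]` table and the rest of each rule file lie outside these hunks.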
@@ -1,7 +1,7 @@
[metadata]
creation_date = "2021/04/21"
maturity = "production"
updated_date = "2021/11/24"
updated_date = "2022/01/26"
min_stack_comments = "Threat intel module fields were updated from `threatintel.*` to `threat.*` in ECS 1.11 (7.16)."
min_stack_version = "8.0"
@@ -72,7 +72,7 @@ threat_indicator_path = "threat.indicator"
threat_language = "kuery"
threat_query = '''
@timestamp >= "now-30d" and event.dataset:ti_* and
@timestamp >= "now-30d/d" and event.dataset:ti_* and
(threat.indicator.file.hash.*:* or threat.indicator.file.pe.imphash:* or threat.indicator.ip:* or
threat.indicator.registry.path:* or threat.indicator.url.full:*)
'''