[Rule Tuning] Add tags to flag Sysmon-only rules & Modify Investigation Guide-related tag (#2352)

* [Rule Tuning] Add tags to flag Sysmon-only rules

* Modify tags

* Revert "Modify tags"

This reverts commit 3d9267d171a41f727bb499501d71d5c4db4f0434.

* Modify tags

* Update test_all_rules.py

* Update test_all_rules.py

* Update test_all_rules.py

* Update test_all_rules.py

* Update test_all_rules.py
Jonhnathan
2022-11-18 07:32:27 -08:00
committed by GitHub
parent 6055d0db60
commit ac01718bb6
180 changed files with 192 additions and 194 deletions
@@ -80,7 +80,7 @@ If enabling an EQL rule on a non-elastic-agent index (such as beats) for version
risk_score = 21
rule_id = "f545ff26-3c94-4fd0-bd33-3c7f95a3a0fc"
severity = "low"
tags = ["Elastic", "Host", "Windows", "Threat Detection", "Initial Access", "has_guide"]
tags = ["Elastic", "Host", "Windows", "Threat Detection", "Initial Access", "Investigation Guide"]
timestamp_override = "event.ingested"
type = "eql"
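Review bot: the two `tags = [...]` lines in this hunk differ only in their last element, `"has_guide"` versus `"Investigation Guide"`, and because the rendered diff has lost its `+`/`-` markers the direction of the change is only implied by the commit title ("Modify Investigation Guide-related tag"); confirm that each touched rule file ends up with exactly one `tags` assignment (a repeated `tags` key would make the TOML invalid), and that the repeated updates to `test_all_rules.py` named in the commit message assert on the new `"Investigation Guide"` name so that no rule keeps the old `"has_guide"` value. Note also that the Sysmon-only tag announced in the first line of the commit message does not appear in this hunk, so the reviewer of this file cannot verify that part of the change here.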