[Rule Tuning} Correct Promotion Rule Descriptions (#85)

Brent Murphy
2020-07-22 12:36:18 -04:00
committed by GitHub
parent b4d8985105
commit b5213e66b2
15 changed files with 15 additions and 28 deletions
@@ -8,8 +8,7 @@ updated_date = "2020/02/18"
author = ["Elastic"]
description = """
Elastic Endpoint Security detected an Adversary Behavior. Click the Elastic Endpoint Security icon in the event.module
column or the link in the rule.reference column in the External Alerts tab of the Security Detections page for
additional information.
column or the link in the rule.reference column for additional information.
"""
from = "now-15m"
index = ["endgame-*"]
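Review bot: The `@@` context line still shows `updated_date = "2020/02/18"` even though this commit, dated 2020-07-22, rewrites the rule's `description`; the same applies to the other fourteen hunks on this page, each of which carries the same context line. With 15 additions across 15 files, no hunk can have touched that key. If the project uses `updated_date` as the last-modified marker for rule content (to be confirmed against its metadata convention), set it to the commit date, `updated_date = "2020/07/22"`, so that anyone tracking rule changes can see that the analyst-facing text changed. The metadata table that holds the key starts above line 8, outside the hunk.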
@@ -8,8 +8,7 @@ updated_date = "2020/02/18"
author = ["Elastic"]
description = """
Elastic Endpoint Security detected Credential Dumping. Click the Elastic Endpoint Security icon in the event.module
column or the link in the rule.reference column in the External Alerts tab of the Security Detections page for
additional information.
column or the link in the rule.reference column for additional information.
"""
from = "now-15m"
index = ["endgame-*"]
@@ -8,8 +8,7 @@ updated_date = "2020/02/18"
author = ["Elastic"]
description = """
Elastic Endpoint Security prevented Credential Dumping. Click the Elastic Endpoint Security icon in the event.module
column or the link in the rule.reference column in the External Alerts tab of the Security Detections page for
additional information.
column or the link in the rule.reference column for additional information.
"""
from = "now-15m"
index = ["endgame-*"]
@@ -8,8 +8,7 @@ updated_date = "2020/02/18"
author = ["Elastic"]
description = """
Elastic Endpoint Security detected Credential Manipulation. Click the Elastic Endpoint Security icon in the event.module
column or the link in the rule.reference column in the External Alerts tab of the Security Detections page for
additional information.
column or the link in the rule.reference column for additional information.
"""
from = "now-15m"
index = ["endgame-*"]
@@ -8,8 +8,7 @@ updated_date = "2020/02/18"
author = ["Elastic"]
description = """
Elastic Endpoint Security prevented Credential Manipulation. Click the Elastic Endpoint Security icon in the
event.module column or the link in the rule.reference column in the External Alerts tab of the Security Detections page
for additional information.
event.module column or the link in the rule.reference column for additional information.
"""
from = "now-15m"
index = ["endgame-*"]
@@ -8,8 +8,7 @@ updated_date = "2020/02/18"
author = ["Elastic"]
description = """
Elastic Endpoint Security detected an Exploit. Click the Elastic Endpoint Security icon in the event.module column or
the link in the rule.reference column in the External Alerts tab of the Security Detections page for additional
information.
the link in the rule.reference column for additional information.
"""
from = "now-15m"
index = ["endgame-*"]
@@ -8,8 +8,7 @@ updated_date = "2020/02/18"
author = ["Elastic"]
description = """
Elastic Endpoint Security prevented an Exploit. Click the Elastic Endpoint Security icon in the event.module column or
the link in the rule.reference column in the External Alerts tab of the Security Detections page for additional
information.
the link in the rule.reference column for additional information.
"""
from = "now-15m"
index = ["endgame-*"]
@@ -8,7 +8,7 @@ updated_date = "2020/02/18"
author = ["Elastic"]
description = """
Elastic Endpoint Security detected Malware. Click the Elastic Endpoint Security icon in the event.module column or the
link in the rule.reference column in the External Alerts tab of the Security Detections page for additional information.
link in the rule.reference column for additional information.
"""
from = "now-15m"
index = ["endgame-*"]
@@ -8,7 +8,7 @@ updated_date = "2020/02/18"
author = ["Elastic"]
description = """
Elastic Endpoint Security prevented Malware. Click the Elastic Endpoint Security icon in the event.module column or the
link in the rule.reference column in the External Alerts tab of the Security Detections page for additional information.
link in the rule.reference column for additional information.
"""
from = "now-15m"
index = ["endgame-*"]
@@ -8,8 +8,7 @@ updated_date = "2020/02/18"
author = ["Elastic"]
description = """
Elastic Endpoint Security detected Permission Theft. Click the Elastic Endpoint Security icon in the event.module column
or the link in the rule.reference column in the External Alerts tab of the Security Detections page for additional
information.
or the link in the rule.reference column for additional information.
"""
from = "now-15m"
index = ["endgame-*"]
@@ -8,8 +8,7 @@ updated_date = "2020/02/18"
author = ["Elastic"]
description = """
Elastic Endpoint Security prevented Permission Theft. Click the Elastic Endpoint Security icon in the event.module
column or the link in the rule.reference column in the External Alerts tab of the Security Detections page for
additional information.
column or the link in the rule.reference column for additional information.
"""
from = "now-15m"
index = ["endgame-*"]
@@ -8,8 +8,7 @@ updated_date = "2020/02/18"
author = ["Elastic"]
description = """
Elastic Endpoint Security detected Process Injection. Click the Elastic Endpoint Security icon in the event.module
column or the link in the rule.reference column in the External Alerts tab of the Security Detections page for
additional information.
column or the link in the rule.reference column for additional information.
"""
from = "now-15m"
index = ["endgame-*"]
@@ -8,8 +8,7 @@ updated_date = "2020/02/18"
author = ["Elastic"]
description = """
Elastic Endpoint Security prevented Process Injection. Click the Elastic Endpoint Security icon in the event.module
column or the link in the rule.reference column in the External Alerts tab of the Security Detections page for
additional information.
column or the link in the rule.reference column for additional information.
"""
from = "now-15m"
index = ["endgame-*"]
@@ -8,8 +8,7 @@ updated_date = "2020/02/18"
author = ["Elastic"]
description = """
Elastic Endpoint Security detected Ransomware. Click the Elastic Endpoint Security icon in the event.module column or
the link in the rule.reference column in the External Alerts tab of the Security Detections page for additional
information.
the link in the rule.reference column for additional information.
"""
from = "now-15m"
index = ["endgame-*"]
@@ -8,8 +8,7 @@ updated_date = "2020/02/18"
author = ["Elastic"]
description = """
Elastic Endpoint Security prevented Ransomware. Click the Elastic Endpoint Security icon in the event.module column or
the link in the rule.reference column in the External Alerts tab of the Security Detections page for additional
information.
the link in the rule.reference column for additional information.
"""
from = "now-15m"
index = ["endgame-*"]