name: Tune Existing Rule
description: Suggestion for logic changes to an existing rule
title: "[Rule Tuning] Name of rule"
labels: ["Rule: Tuning", "Team: TRADE"]
assignees: []
projects: ["elastic/1268"]

body:
  - type: input
    id: rule_link
    attributes:
      label: Link to Rule
      description: "Provide a link to the rule being recommended."
      placeholder: "https://github.com/elastic/detection-rules/tree/main/rules/..."

  - type: dropdown
    id: tuning_type
    attributes:
      label: Rule Tuning Type
      options:
      - False Positives - Reducing benign events mistakenly identified as threats.
      - False Negatives - Enhancing detection of true threats that were previously missed.
      - Performance - Optimizing resource consumption and execution time of detection rules.
      - Contextual Tuning - Customizing rules based on specific environment factors.
      - Threshold Adjustments - Modifying sensitivity by changing alert triggering thresholds.
      - Behavioral Tuning - Refining rules to better detect deviations from typical behavior.
      - Temporal Tuning - Adjusting rules based on time-based patterns.
      - Severity Tuning - Adjusting priority or severity levels of alerts.
      - Data Quality - Ensuring integrity and quality of data used by detection rules.

  - type: textarea
    id: description
    attributes:
      label: Description
      description: "Provide a detailed description of the suggested changes."
      placeholder: "Detailed description..."

  - type: textarea
    id: example_data
    attributes:
      label: Example Data
      description: "If the query is to be changed, include example JSON data or a screenshot."
      placeholder: "Example JSON data or screenshot..."