44 lines
1.7 KiB
YAML
name: Tune Existing Hunt
description: Suggestion for logic changes to an existing hunt
title: "[Hunt Tuning] Name of Hunt"
labels: ["Hunt: Tuning", "Team: TRADE"]
assignees: []
projects: ["elastic/1268"]

body:
  - type: input
    id: hunt_link
    attributes:
      label: Link to hunt
      description: "Provide a link to the hunt being tuned."
      placeholder: "https://github.com/elastic/detection-hunts/tree/main/hunting/..."

  - type: dropdown
    id: tuning_type
    attributes:
      label: Hunt Tuning Type
      options:
        - False Positives - Reducing benign events mistakenly identified as threats.
        - False Negatives - Enhancing detection of true threats that were previously missed.
        - Performance - Optimizing resource consumption and execution time of detection hunts.
        - Contextual Tuning - Customizing hunts based on specific environment factors.
        - Threshold Adjustments - Modifying sensitivity by changing alert triggering thresholds.
        - Behavioral Tuning - Refining hunts to better detect deviations from typical behavior.
        - Temporal Tuning - Adjusting hunts based on time-based patterns.
        - Severity Tuning - Adjusting priority or severity levels of alerts.
        - Data Quality - Ensuring integrity and quality of data used by detection hunts.

  - type: textarea
    id: description
    attributes:
      label: Description
      description: "Provide a detailed description of the suggested changes."
      placeholder: "Detailed description..."

  - type: textarea
    id: example_data
    attributes:
      label: Example Data
      description: "If the query is to be changed, include example JSON data or a screenshot."
      placeholder: "Example JSON data or screenshot..."
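Automation that consumes submissions of this form (triage bots, label workflows, scripts that open a follow-up PR) has to parse the rendered issue body and must treat every field as untrusted input, in particular the hunt link, before acting on it. The Python below is an added example, not code from the elastic/detection-hunts project. It assumes GitHub's rendering of issue-form submissions (one `### <label>` heading per field followed by the entered value, `_No response_` for an empty field), takes the `hunting/` path hinted at by the placeholder as the only acceptable location for a hunt link, and parses a constructed sample submission whose hunt path is hypothetical.

```python
"""Parse and validate a submission of the "Tune Existing Hunt" issue form.

Added example; not part of the elastic/detection-hunts repository.
Assumptions: GitHub renders an issue-form submission as one '### <label>'
heading per field followed by the entered value ('_No response_' when the
field was left empty), and a hunt link is only acceptable when it points
under the hunting/ directory that the form's placeholder hints at.
"""
import re
from urllib.parse import urlsplit

# Field labels and dropdown options, taken from the form template above.
HUNT_LINK_LABEL = "Link to hunt"
TUNING_TYPE_LABEL = "Hunt Tuning Type"
DESCRIPTION_LABEL = "Description"
EXAMPLE_DATA_LABEL = "Example Data"
TUNING_TYPES = {
    "False Positives", "False Negatives", "Performance", "Contextual Tuning",
    "Threshold Adjustments", "Behavioral Tuning", "Temporal Tuning",
    "Severity Tuning", "Data Quality",
}

# Assumption: hunts live only under this path of the repository.
ALLOWED_HOST = "github.com"
ALLOWED_HUNT_PREFIX = "/elastic/detection-hunts/tree/main/hunting/"

# One rendered field: heading line, then everything up to the next heading.
_FIELD_RE = re.compile(r"^### ([^\n]+)\n(.*?)(?=^### |\Z)",
                       re.MULTILINE | re.DOTALL)


def parse_issue_body(body: str) -> dict:
    """Map each field label to its entered value ('' for empty fields).

    Values are user controlled: a '### ' line typed into a textarea would
    be read as an extra field, so the first occurrence of a label wins.
    """
    fields = {}
    for match in _FIELD_RE.finditer(body):
        label = match.group(1).strip()
        value = match.group(2).strip()
        fields.setdefault(label, "" if value == "_No response_" else value)
    return fields


def validate_hunt_link(link: str) -> bool:
    """Accept only https links to a file or directory under hunting/.

    Rejects other schemes (javascript:, file:), look-alike hosts such as
    github.com.evil.example, and path traversal segments.
    """
    parts = urlsplit(link.strip())
    if parts.scheme != "https" or parts.netloc != ALLOWED_HOST:
        return False
    if not parts.path.startswith(ALLOWED_HUNT_PREFIX):
        return False
    tail = parts.path[len(ALLOWED_HUNT_PREFIX):]
    return bool(tail) and ".." not in tail.split("/")


def validate_submission(body: str) -> dict:
    """Return the parsed fields, the selected tuning type and any errors."""
    fields = parse_issue_body(body)
    errors = []
    if not validate_hunt_link(fields.get(HUNT_LINK_LABEL, "")):
        errors.append("hunt link is not under elastic/detection-hunts/hunting/")
    # The dropdown renders as "<type> - <explanation>"; keep the type only.
    tuning_type = fields.get(TUNING_TYPE_LABEL, "").split(" - ", 1)[0].strip()
    if tuning_type not in TUNING_TYPES:
        errors.append("unknown tuning type: %r" % tuning_type)
    if not fields.get(DESCRIPTION_LABEL):
        errors.append("description is empty")
    return {"fields": fields, "tuning_type": tuning_type, "errors": errors}


# Constructed sample submission (the hunt path is hypothetical).
SAMPLE_ISSUE_BODY = """### Link to hunt

https://github.com/elastic/detection-hunts/tree/main/hunting/example/docs/example_hunt.md

### Hunt Tuning Type

False Positives - Reducing benign events mistakenly identified as threats.

### Description

Exclude events from a vendor-signed updater that trips the query daily.

### Example Data

_No response_
"""

if __name__ == "__main__":
    result = validate_submission(SAMPLE_ISSUE_BODY)
    print(result["tuning_type"], result["errors"])
```

The host comparison is an exact match and the path check is an allow-list prefix plus a traversal check, rather than a substring search for "detection-hunts", so a link on a look-alike domain or with a `javascript:` scheme is rejected before anything downstream (a fetch, a comment, a generated PR) touches it. If the form later gains `validations: required: true` on a field, the corresponding check here can be dropped, but keeping it costs nothing and protects against bodies that were edited after submission.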