Mika Ayenson
44 lines
1.7 KiB
YAML
44 lines
1.7 KiB
YAML
name: Tune Existing Rule
|
|
description: Suggestion for logic changes to an existing rule
|
|
title: "[Rule Tuning] Name of rule"
|
|
labels: ["Rule: Tuning", "Team: TRADE"]
|
|
assignees: []
|
|
projects: ["elastic/1268"]
|
|
|
|
body:
|
|
- type: input
|
|
id: rule_link
|
|
attributes:
|
|
label: Link to Rule
|
|
description: "Provide a link to the rule being recommended."
|
|
placeholder: "https://github.com/elastic/detection-rules/tree/main/rules/..."
|
|
|
|
- type: dropdown
|
|
id: tuning_type
|
|
attributes:
|
|
label: Rule Tuning Type
|
|
options:
|
|
- False Positives - Reducing benign events mistakenly identified as threats.
|
|
- False Negatives - Enhancing detection of true threats that were previously missed.
|
|
- Performance - Optimizing resource consumption and execution time of detection rules.
|
|
- Contextual Tuning - Customizing rules based on specific environment factors.
|
|
- Threshold Adjustments - Modifying sensitivity by changing alert triggering thresholds.
|
|
- Behavioral Tuning - Refining rules to better detect deviations from typical behavior.
|
|
- Temporal Tuning - Adjusting rules based on time-based patterns.
|
|
- Severity Tuning - Adjusting priority or severity levels of alerts.
|
|
- Data Quality - Ensuring integrity and quality of data used by detection rules.
|
|
|
|
- type: textarea
|
|
id: description
|
|
attributes:
|
|
label: Description
|
|
description: "Provide a detailed description of the suggested changes."
|
|
placeholder: "Detailed description..."
|
|
|
|
- type: textarea
|
|
id: example_data
|
|
attributes:
|
|
label: Example Data
|
|
description: "If the query is to be changed, include example JSON data or a screenshot."
|
|
placeholder: "Example JSON data or screenshot..."
|