lookback adjust (#64837)

Increase the lookback window to 15 minutes to allow for ingestion latency in the endpoint signal rules.
This commit is contained in:
The SpaceCake Project 2020-04-30 12:28:55 -04:00 committed by GitHub
parent c131cb341b
commit 671d750c03
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
15 changed files with 16 additions and 16 deletions


@ -1,6 +1,6 @@
{
"description": "Elastic Endpoint detected an Adversary Behavior. Click the Elastic Endpoint icon in the event.module column or the link in the rule.reference column in the External Alerts tab of the SIEM Detections page for additional information.",
"from": "now-660s",
"from": "now-15m",
"index": [
"endgame-*"
],


@ -1,6 +1,6 @@
{
"description": "Elastic Endpoint detected Credential Dumping. Click the Elastic Endpoint icon in the event.module column or the link in the rule.reference column in the External Alerts tab of the SIEM Detections page for additional information.",
"from": "now-660s",
"from": "now-15m",
"index": [
"endgame-*"
],
@ -17,4 +17,4 @@
],
"type": "query",
"version": 2
}
}
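Review bot: The rule `version` is not incremented alongside the lookback change — this section's second hunk still shows `"version": 2` unchanged — and the other 14 sections appear to touch only the `"from"` field as well. In Kibana's prepackaged detection rules the `version` value is, as far as I recall, what signals that an updated definition should replace the one already installed, so without a bump existing deployments may keep evaluating these rules with `now-660s`. Each changed rule file should carry the next version for that rule, e.g. `"version": 3` here. The `interval` field is outside the hunk; it is worth confirming that 15m exceeds the run interval plus the expected ingest delay so no events fall between runs, with the overlap covered by signal de-duplication.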


@ -1,6 +1,6 @@
{
"description": "Elastic Endpoint prevented Credential Dumping. Click the Elastic Endpoint icon in the event.module column or the link in the rule.reference column in the External Alerts tab of the SIEM Detections page for additional information.",
"from": "now-660s",
"from": "now-15m",
"index": [
"endgame-*"
],


@ -1,6 +1,6 @@
{
"description": "Elastic Endpoint detected Credential Manipulation. Click the Elastic Endpoint icon in the event.module column or the link in the rule.reference column in the External Alerts tab of the SIEM Detections page for additional information.",
"from": "now-660s",
"from": "now-15m",
"index": [
"endgame-*"
],


@ -1,6 +1,6 @@
{
"description": "Elastic Endpoint prevented Credential Manipulation. Click the Elastic Endpoint icon in the event.module column or the link in the rule.reference column in the External Alerts tab of the SIEM Detections page for additional information.",
"from": "now-660s",
"from": "now-15m",
"index": [
"endgame-*"
],


@ -1,6 +1,6 @@
{
"description": "Elastic Endpoint detected an Exploit. Click the Elastic Endpoint icon in the event.module column or the link in the rule.reference column in the External Alerts tab of the SIEM Detections page for additional information.",
"from": "now-660s",
"from": "now-15m",
"index": [
"endgame-*"
],


@ -1,6 +1,6 @@
{
"description": "Elastic Endpoint prevented an Exploit. Click the Elastic Endpoint icon in the event.module column or the link in the rule.reference column in the External Alerts tab of the SIEM Detections page for additional information.",
"from": "now-660s",
"from": "now-15m",
"index": [
"endgame-*"
],


@ -1,6 +1,6 @@
{
"description": "Elastic Endpoint detected Malware. Click the Elastic Endpoint icon in the event.module column or the link in the rule.reference column in the External Alerts tab of the SIEM Detections page for additional information.",
"from": "now-660s",
"from": "now-15m",
"index": [
"endgame-*"
],


@ -1,6 +1,6 @@
{
"description": "Elastic Endpoint prevented Malware. Click the Elastic Endpoint icon in the event.module column or the link in the rule.reference column in the External Alerts tab of the SIEM Detections page for additional information.",
"from": "now-660s",
"from": "now-15m",
"index": [
"endgame-*"
],


@ -1,6 +1,6 @@
{
"description": "Elastic Endpoint detected Permission Theft. Click the Elastic Endpoint icon in the event.module column or the link in the rule.reference column in the External Alerts tab of the SIEM Detections page for additional information.",
"from": "now-660s",
"from": "now-15m",
"index": [
"endgame-*"
],


@ -1,6 +1,6 @@
{
"description": "Elastic Endpoint prevented Permission Theft. Click the Elastic Endpoint icon in the event.module column or the link in the rule.reference column in the External Alerts tab of the SIEM Detections page for additional information.",
"from": "now-660s",
"from": "now-15m",
"index": [
"endgame-*"
],


@ -1,6 +1,6 @@
{
"description": "Elastic Endpoint detected Process Injection. Click the Elastic Endpoint icon in the event.module column or the link in the rule.reference column in the External Alerts tab of the SIEM Detections page for additional information.",
"from": "now-660s",
"from": "now-15m",
"index": [
"endgame-*"
],


@ -1,6 +1,6 @@
{
"description": "Elastic Endpoint prevented Process Injection. Click the Elastic Endpoint icon in the event.module column or the link in the rule.reference column in the External Alerts tab of the SIEM Detections page for additional information.",
"from": "now-660s",
"from": "now-15m",
"index": [
"endgame-*"
],


@ -1,6 +1,6 @@
{
"description": "Elastic Endpoint detected Ransomware. Click the Elastic Endpoint icon in the event.module column or the link in the rule.reference column in the External Alerts tab of the SIEM Detections page for additional information.",
"from": "now-660s",
"from": "now-15m",
"index": [
"endgame-*"
],


@ -1,6 +1,6 @@
{
"description": "Elastic Endpoint prevented Ransomware. Click the Elastic Endpoint icon in the event.module column or the link in the rule.reference column in the External Alerts tab of the SIEM Detections page for additional information.",
"from": "now-660s",
"from": "now-15m",
"index": [
"endgame-*"
],