[Rule Tuning] Suspicious Web Browser Sensitive File Access #3690

Closed
ar3diu opened this issue May 17, 2024 · 1 comment
Labels
community Rule: Tuning tweaking or tuning an existing rule

ar3diu commented May 17, 2024

Link to rule

name = "Suspicious Web Browser Sensitive File Access"

Description

Index pattern needs to be changed to logs-endpoint.events.file-* in order to match indices created by Elastic Defend. Otherwise, the following warning will be shown:

This rule is attempting to query data from Elasticsearch indices listed in the "Index patterns" section of the rule definition, however no index matching: ["logs-endpoint.events.file.*"] was found. This warning will continue to appear until a matching index is created or this rule is disabled.

Example Data

N/A

@Samirbous
Contributor

@ar3diu Thank you for reporting this issue! We pushed a PR to fix it.

w0rk3r closed this as completed May 20, 2024
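The mismatch reported in this issue can be checked offline before a rule is enabled. The following is an added example, not code from the detection-rules repository: it treats only `*` as a wildcard (so the `.` in `file.*` is a literal dot) and tests a rule's index patterns against a list of data stream names. The stream names are constructed samples that assume the `default` namespace, and the function names are hypothetical.

```python
import re

# Constructed sample: data streams on a cluster running Elastic Defend.
# The "default" namespace is an assumption, not taken from the issue.
SAMPLE_DATA_STREAMS = [
    "logs-endpoint.events.file-default",
    "logs-endpoint.events.process-default",
    "logs-endpoint.events.network-default",
]


def pattern_to_regex(pattern):
    """Translate an index pattern into a regex.

    Only '*' is a wildcard; every other character, including '.', is literal.
    """
    literal_parts = (re.escape(part) for part in pattern.split("*"))
    return re.compile(".*".join(literal_parts))


def matching_streams(pattern, streams):
    """Return the stream names that the index pattern matches in full."""
    regex = pattern_to_regex(pattern)
    return [name for name in streams if regex.fullmatch(name)]


def audit_rule_indices(patterns, streams):
    """Map each rule index pattern to the streams it matches.

    An empty list means the rule would raise the 'no index matching' warning.
    """
    return {p: matching_streams(p, streams) for p in patterns}


def suggest_fix(pattern, streams):
    """Hypothetical helper: if 'dataset.*' matches nothing, try 'dataset-*'.

    Data streams are named type-dataset-namespace, so the character after
    the dataset is '-' rather than '.'.
    """
    if not pattern.endswith(".*") or matching_streams(pattern, streams):
        return None
    candidate = pattern[:-2] + "-*"
    return candidate if matching_streams(candidate, streams) else None


if __name__ == "__main__":
    rule_patterns = ["logs-endpoint.events.file.*"]
    print(audit_rule_indices(rule_patterns, SAMPLE_DATA_STREAMS))
    print(suggest_fix(rule_patterns[0], SAMPLE_DATA_STREAMS))
```
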