name = "Suspicious Web Browser Sensitive File Access"
Description
Index pattern needs to be changed to logs-endpoint.events.file-* in order to match indices created by Elastic Defend. Otherwise, the following warning will be shown:
This rule is attempting to query data from Elasticsearch indices listed in the "Index patterns" section of the rule definition, however no index matching: ["logs-endpoint.events.file.*"] was found. This warning will continue to appear until a matching index is created or this rule is disabled.
Example Data
N/A
Link to rule
detection-rules/rules/macos/credential_access_suspicious_web_browser_sensitive_file_access.toml
Line 19 in 79f575b
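The mismatch reported above, as an added example that is not part of the issue or of the detection-rules repository: data streams are named `<type>-<dataset>-<namespace>`, so a pattern ending in `.*` never reaches the `-<namespace>` suffix. The list of data streams is constructed, the `default` namespace is assumed, and the function names are hypothetical.

```python
import re

# Constructed sample of existing data streams; the "default" namespace is assumed.
EXISTING_DATA_STREAMS = [
    "logs-endpoint.events.file-default",
    "logs-endpoint.events.process-default",
    "logs-endpoint.events.network-default",
]


def pattern_to_regex(pattern):
    """Compile an index pattern in which '*' is the only wildcard."""
    body = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.compile(body + r"\Z")


def matching_indices(pattern, indices):
    """Return the index names that the pattern covers."""
    rx = pattern_to_regex(pattern)
    return [name for name in indices if rx.match(name)]


def audit_rule_indices(patterns, indices):
    """For each rule index pattern, list its matches. A pattern with no
    matches triggers the "no index matching" warning; if swapping a trailing
    '.*' for '-*' would match something, that variant is suggested."""
    report = {}
    for pattern in patterns:
        hits = matching_indices(pattern, indices)
        suggested = None
        if not hits and pattern.endswith(".*"):
            candidate = pattern[:-2] + "-*"
            if matching_indices(candidate, indices):
                suggested = candidate
        report[pattern] = {"matches": hits, "suggested": suggested}
    return report


if __name__ == "__main__":
    rule_patterns = ["logs-endpoint.events.file.*", "logs-endpoint.events.*"]
    for pattern, result in audit_rule_indices(rule_patterns, EXISTING_DATA_STREAMS).items():
        print(pattern, result)
```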