paulmataruso/main
1
0
Fork 0
mirror of https://github.com/socfortress/Wazuh-Rules.git synced 2025-10-23 00:02:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update 200850-crowdstrike.xml

Browse Source
This commit is contained in:
taylor_socfortress
2022-08-29 16:57:08 -05:00
committed by GitHub
parent 52a4ec1c61
commit 26236db7db
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Crowdstrike/200850-crowdstrike.xml
View File

@@ -1,6 +1,7 @@
<group name="crowdstrike,siemconnector">
<rule id="200850" level="5">
<field name="metadata.customerIDString">\.+</field>
<options>no_full_log</options>
<description>CrowdStrike Alert - $(event.OperationName)</description>
</rule>
<rule id="200851" level="1">
@@ -16,6 +17,7 @@
<rule id="200853" level="8">
<if_sid>200850</if_sid>
<field name="event.Severity">\.+</field>
<options>no_full_log</options>
<description>CrowdStrike Alert - $(event.DetectDescription)</description>
</rule>
</group>