Skip to content

Commit

Permalink
updated analytical rule
Browse files Browse the repository at this point in the history
  • Loading branch information
@v-rusraut
v-rusraut committed Nov 13, 2024
1 parent 16c101f commit dd19671
Show file tree
Hide file tree
Showing 4 changed files with 40 additions and 44 deletions.
2 changes: 0 additions & 2 deletions ...ike Falcon Endpoint Protection/Analytic Rules/CriticalOrHighSeverityDetectionsByUser.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,8 +12,6 @@ queryFrequency: 1h
queryPeriod: 1h
triggerOperator: gt
triggerThreshold: 0
tactics:
relevantTechniques:
query: |
let timeframe = 1h;
let threshold = 15; // update threshold value based on organization's preference
Expand Down
2 changes: 0 additions & 2 deletions ...ions/CrowdStrike Falcon Endpoint Protection/Analytic Rules/CriticalSeverityDetection.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,8 +12,6 @@ queryFrequency: 1h
queryPeriod: 1h
triggerOperator: gt
triggerThreshold: 0
tactics:
relevantTechniques:
query: |
let timeframe = 1h;
CrowdStrikeFalconEventStream
Expand Down
Binary file modified Solutions/CrowdStrike Falcon Endpoint Protection/Package/3.0.9.zip
View file
Binary file not shown.
80 changes: 40 additions & 40 deletions Solutions/CrowdStrike Falcon Endpoint Protection/Package/mainTemplate.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1729,52 +1729,52 @@
"status": "Available",
"requiredDataConnectors": [
{
"connectorId": "CefAma",
"dataTypes": [
"CommonSecurityLog"
]
],
"connectorId": "CefAma"
}
],
"entityMappings": [
{
"entityType": "Account",
"fieldMappings": [
{
"identifier": "FullName",
"columnName": "AccountCustomEntity"
"columnName": "AccountCustomEntity",
"identifier": "FullName"
}
],
"entityType": "Account"
]
},
{
"entityType": "Host",
"fieldMappings": [
{
"identifier": "FullName",
"columnName": "HostCustomEntity"
"columnName": "HostCustomEntity",
"identifier": "FullName"
}
],
"entityType": "Host"
]
},
{
"entityType": "IP",
"fieldMappings": [
{
"identifier": "Address",
"columnName": "IPCustomEntity"
"columnName": "IPCustomEntity",
"identifier": "Address"
}
],
"entityType": "IP"
]
},
{
"entityType": "FileHash",
"fieldMappings": [
{
"identifier": "Algorithm",
"columnName": "FileHashAlgo"
"columnName": "FileHashAlgo",
"identifier": "Algorithm"
},
{
"identifier": "Value",
"columnName": "FileHashCustomEntity"
"columnName": "FileHashCustomEntity",
"identifier": "Value"
}
],
"entityType": "FileHash"
]
}
]
}
Expand Down Expand Up @@ -1858,52 +1858,52 @@
"status": "Available",
"requiredDataConnectors": [
{
"connectorId": "CefAma",
"dataTypes": [
"CommonSecurityLog"
]
],
"connectorId": "CefAma"
}
],
"entityMappings": [
{
"entityType": "Account",
"fieldMappings": [
{
"identifier": "FullName",
"columnName": "AccountCustomEntity"
"columnName": "AccountCustomEntity",
"identifier": "FullName"
}
],
"entityType": "Account"
]
},
{
"entityType": "Host",
"fieldMappings": [
{
"identifier": "FullName",
"columnName": "HostCustomEntity"
"columnName": "HostCustomEntity",
"identifier": "FullName"
}
],
"entityType": "Host"
]
},
{
"entityType": "IP",
"fieldMappings": [
{
"identifier": "Address",
"columnName": "IPCustomEntity"
"columnName": "IPCustomEntity",
"identifier": "Address"
}
],
"entityType": "IP"
]
},
{
"entityType": "FileHash",
"fieldMappings": [
{
"identifier": "Algorithm",
"columnName": "FileHashAlgo"
"columnName": "FileHashAlgo",
"identifier": "Algorithm"
},
{
"identifier": "Value",
"columnName": "FileHashCustomEntity"
"columnName": "FileHashCustomEntity",
"identifier": "Value"
}
],
"entityType": "FileHash"
]
}
]
}
Expand Down

0 comments on commit dd19671

Please sign in to comment.