diff --git a/Solutions/CrowdStrike Falcon Endpoint Protection/Analytic Rules/CriticalOrHighSeverityDetectionsByUser.yaml b/Solutions/CrowdStrike Falcon Endpoint Protection/Analytic Rules/CriticalOrHighSeverityDetectionsByUser.yaml
index d2d35248fa2..1cf89cb7269 100644
--- a/Solutions/CrowdStrike Falcon Endpoint Protection/Analytic Rules/CriticalOrHighSeverityDetectionsByUser.yaml
+++ b/Solutions/CrowdStrike Falcon Endpoint Protection/Analytic Rules/CriticalOrHighSeverityDetectionsByUser.yaml
@@ -12,8 +12,6 @@ queryFrequency: 1h
 queryPeriod: 1h
 triggerOperator: gt
 triggerThreshold: 0
-tactics:
-relevantTechniques:
 query: |
 let timeframe = 1h;
 let threshold = 15; // update threshold value based on organization's preference
diff --git a/Solutions/CrowdStrike Falcon Endpoint Protection/Analytic Rules/CriticalSeverityDetection.yaml b/Solutions/CrowdStrike Falcon Endpoint Protection/Analytic Rules/CriticalSeverityDetection.yaml
index bc3cafce45d..a7daf6c322f 100644
--- a/Solutions/CrowdStrike Falcon Endpoint Protection/Analytic Rules/CriticalSeverityDetection.yaml
+++ b/Solutions/CrowdStrike Falcon Endpoint Protection/Analytic Rules/CriticalSeverityDetection.yaml
@@ -12,8 +12,6 @@ queryFrequency: 1h
 queryPeriod: 1h
 triggerOperator: gt
 triggerThreshold: 0
-tactics:
-relevantTechniques:
 query: |
 let timeframe = 1h;
 CrowdStrikeFalconEventStream
diff --git a/Solutions/CrowdStrike Falcon Endpoint Protection/Package/3.0.9.zip b/Solutions/CrowdStrike Falcon Endpoint Protection/Package/3.0.9.zip
index 628877b735d..3e2fe6c2912 100644
Binary files a/Solutions/CrowdStrike Falcon Endpoint Protection/Package/3.0.9.zip and b/Solutions/CrowdStrike Falcon Endpoint Protection/Package/3.0.9.zip differ
diff --git a/Solutions/CrowdStrike Falcon Endpoint Protection/Package/mainTemplate.json b/Solutions/CrowdStrike Falcon Endpoint Protection/Package/mainTemplate.json
index bd14efacf8c..fd1a26eaca1 100644
--- a/Solutions/CrowdStrike Falcon Endpoint Protection/Package/mainTemplate.json
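Review bot: Dropping the empty `tactics:` and `relevantTechniques:` keys leaves CriticalOrHighSeverityDetectionsByUser with no MITRE mapping at all, and nothing in the rule records why, so a later contributor is likely to re-add the keys with a placeholder value to satisfy the rule schema. If the intent is that the tactic and technique belong to the individual Falcon detection rather than to this aggregating rule, say so next to `query: |`, e.g. `# tactics/relevantTechniques intentionally omitted: each Falcon detection carries its own MITRE mapping`. The same two lines are removed in the CriticalSeverityDetection.yaml hunk, and the comment applies there as well. The query block scalar continues past the end of both hunks.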
+++ b/Solutions/CrowdStrike Falcon Endpoint Protection/Package/mainTemplate.json
@@ -1729,52 +1729,52 @@
 "status": "Available",
 "requiredDataConnectors": [
 {
- "connectorId": "CefAma",
 "dataTypes": [
 "CommonSecurityLog"
- ]
+ ],
+ "connectorId": "CefAma"
 }
 ],
 "entityMappings": [
 {
+ "entityType": "Account",
 "fieldMappings": [
 {
- "identifier": "FullName",
- "columnName": "AccountCustomEntity"
+ "columnName": "AccountCustomEntity",
+ "identifier": "FullName"
 }
- ],
- "entityType": "Account"
+ ]
 },
 {
+ "entityType": "Host",
 "fieldMappings": [
 {
- "identifier": "FullName",
- "columnName": "HostCustomEntity"
+ "columnName": "HostCustomEntity",
+ "identifier": "FullName"
 }
- ],
- "entityType": "Host"
+ ]
 },
 {
+ "entityType": "IP",
 "fieldMappings": [
 {
- "identifier": "Address",
- "columnName": "IPCustomEntity"
+ "columnName": "IPCustomEntity",
+ "identifier": "Address"
 }
- ],
- "entityType": "IP"
+ ]
 },
 {
+ "entityType": "FileHash",
 "fieldMappings": [
 {
- "identifier": "Algorithm",
- "columnName": "FileHashAlgo"
+ "columnName": "FileHashAlgo",
+ "identifier": "Algorithm"
 },
 {
- "identifier": "Value",
- "columnName": "FileHashCustomEntity"
+ "columnName": "FileHashCustomEntity",
+ "identifier": "Value"
 }
- ],
- "entityType": "FileHash"
+ ]
 }
 ]
 }
@@ -1858,52 +1858,52 @@
 "status": "Available",
 "requiredDataConnectors": [
 {
- "connectorId": "CefAma",
 "dataTypes": [
 "CommonSecurityLog"
- ]
+ ],
+ "connectorId": "CefAma"
 }
 ],
 "entityMappings": [
 {
+ "entityType": "Account",
 "fieldMappings": [
 {
- "identifier": "FullName",
- "columnName": "AccountCustomEntity"
+ "columnName": "AccountCustomEntity",
+ "identifier": "FullName"
 }
- ],
- "entityType": "Account"
+ ]
 },
 {
+ "entityType": "Host",
 "fieldMappings": [
 {
- "identifier": "FullName",
- "columnName": "HostCustomEntity"
+ "columnName": "HostCustomEntity",
+ "identifier": "FullName"
 }
- ],
- "entityType": "Host"
+ ]
 },
 {
+ "entityType": "IP",
 "fieldMappings": [
 {
- "identifier": "Address",
- "columnName": "IPCustomEntity"
+ "columnName": "IPCustomEntity",
+ "identifier": "Address"
 }
- ],
- "entityType": "IP"
+ ]
 },
 {
+ "entityType": "FileHash",
 "fieldMappings": [
 {
- "identifier": "Algorithm",
- "columnName": "FileHashAlgo"
+ "columnName": "FileHashAlgo",
+ "identifier": "Algorithm"
 },
 {
- "identifier": "Value",
- "columnName": "FileHashCustomEntity"
+ "columnName": "FileHashCustomEntity",
+ "identifier": "Value"
 }
- ],
- "entityType": "FileHash"
+ ]
 }
 ]
 }