Update datafeed_high_count_network_denies.json (#101681)

randomuserid · kibanamachine · commit f0c644dc284d · 2021-06-09T19:53:22.000Z
add a boolean OR between the two possible field values
diff --git a/x-pack/plugins/ml/server/models/data_recognizer/modules/security_network/ml/datafeed_high_count_network_denies.json b/x-pack/plugins/ml/server/models/data_recognizer/modules/security_network/ml/datafeed_high_count_network_denies.json
@@ -13,10 +13,29 @@
           "term": {
             "event.category": "network"
           }
-        },
+        }
+      ],
+      "must": [
         {
-          "term": {
-            "event.outcome": "deny"
+          "bool": {
+            "should": [
+              {
+                "match": {
+                  "event.outcome": {
+                    "query": "deny",
+                    "operator": "OR"
+                  }
+                }
+              },
+              {
+                "match": {
+                  "event.type": {
+                    "query": "denied",
+                    "operator": "OR"
+                  }
+                }
+              }
+            ]
           }
         }
       ]
