[Security Solution] Expand DF Query in the high_count_network_denies ML job #101679

@randomuserid

Description

Describe the bug:

Network ACL deny events are populated differently by different modules, so we need to OR another field test in the DF query.

Kibana/Elasticsearch Stack version:

7.13

Functional Area (e.g. Endpoint management, timelines, resolver, etc.):

Security ML Jobs

Labels

Team: SecuritySolution (Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.)
bug (Fixes for quality problems that affect the customer experience)
v7.13.2
v7.14.0
v8.0.0
