Stellar Threat Intel rule does not trigger

Question by Mustafa Akmal Feb 08 at 02:58 PM Metron threat-intel threat

I have the following field in my logs

'severity'

this field has integer values from 0-7. I have created a threat rule as follows

severity == 6

and given it a score of 50.

However when the logs get enriched and indexed. The rule does not assign a score to the record. It does get identified as a alert because the is_alert field is true.

10 |6000 characters needed characters left characters exceeded

Attachments: Up to 5 attachments (including images) can be used with a maximum of 524.3 kB each and 1.0 MB total.

Stellar Threat Intel rule does not trigger

0 Replies

Your answer