You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Threat Matching rules would be introduced for 7.10, giving users the ability to match fields across Kibana indexes with Threat Intel Index that users uploaded into their stack.
Acceptance Test Criteria
Documentation is needed for Threat Matching rule type.
Creation of Threat Matching Rule:
Go to Detections tab > Manage Detection Rules
Click on Create A New Rule
Select Threat Matching rule type
Enter necessary fields:
Add the index patterns you are matching
Type in query to narrow down your search
Add the threat intel index you want to use in the match
Type in query to narrow down threat intel index search
Select the fields from the index patterns and threat intel index you want to receive alerts on when matched
Complete rest of rules creation steps.
Viewing Threat Matching Rule in Detections page:
User will receive 1 alert per rule that produced 1 match.
Notes
Add the "Team:Docs" label to new issues.
Be sure to add the version number label.
Be sure to add any necessary screenshots for clarity.
Include any conditions or caveats that may affect customers.
The text was updated successfully, but these errors were encountered:
Description
META: https://github.com/elastic/security-team/issues/20
Mock: https://www.figma.com/file/RicL36qDX8MjRTDL3CmrCr/Rules-7.10?node-id=206%3A0
Threat Matching rules would be introduced for 7.10, giving users the ability to match fields across Kibana indexes with Threat Intel Index that users uploaded into their stack.
Acceptance Test Criteria
Documentation is needed for Threat Matching rule type.
Creation of Threat Matching Rule:
Viewing Threat Matching Rule in Detections page:
User will receive 1 alert per rule that produced 1 match.
Notes
The text was updated successfully, but these errors were encountered: