[MODIFY] Detection Rule 5 #13

@poslogica

Description

Existing Rule Filename

detection-rule-5.yml

Rule Name

Detection Rule 5

Rule Status (Optional)

Disabled-Prod

Rule Description (Optional)

No response

References (Optional)


Modified By

User that modify 1

Modified Date

2025-12-01

MITRE ATT&CK Mapping (Optional)

attack.T90909

Vendor Data Sources (Optional)

No response

Service Data Sources (Optional)

No response

Detection Query Before

Query 123

Detection Query After

Query 123 that is updated from just 123

Detection Query Condition (Optional)

No response

Detection Query Suppress (Optional)

No response

Severity (Optional)

None

Outcome (Optional)

No response

Review Last Reviewed

2025-12-01

Review Next Review

2026-12-01

Expiry Date (Optional)

No response

Summary of Changes

Update query to reduce the high amount of false positives
