
Commit

Update rules/integrations/endpoint/execution_elastic_malicious_file_detected.toml

Co-authored-by: Terrance DeJesus <[email protected]>
Samirbous and terrancedejesus authored Dec 18, 2024
1 parent 99d5294 commit a424067
Showing 1 changed file with 0 additions and 3 deletions.
@@ -44,9 +44,6 @@ Files are scanned on write or deletion, process executables are scanned on execu
- Assess whether this file is prevalent in the environment by looking for similar occurrences across hosts by `file.hash.sha256` or by `file.name` patterns.
- Verify the activity of the `user.name` associated with Malware alert (local or remote actity, privileged or standard user).
- Verify if there are any other Alert types (Behavior or Memory Threat) associated with the same host or user or process within the same time.
### False positive analysis
- Other endpoint security vendors especially with their quarantine folders.
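Review bot: Deleting the `### False positive analysis` heading together with its only bullet leaves this investigation guide with no false-positive section at all, so the triage hint that other endpoint security vendors' quarantine folders can trigger this rule is lost without a replacement; if the bullet is being relocated, the commit message should say where, otherwise keep the heading and the quarantine-folder note. While in this hunk, the unchanged context line `(local or remote actity, privileged or standard user)` carries a typo and should read `activity`.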
