From 719d6f1ffd83fef2ad53c315b7fab156f774d746 Mon Sep 17 00:00:00 2001 From: Craig Chamberlain Date: Tue, 17 May 2022 13:04:13 -0400 Subject: [PATCH] Update v3_windows_anomalous_script.json the prefix was in the wrong place --- .../security_windows/ml/v3_windows_anomalous_script.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/x-pack/plugins/ml/server/models/data_recognizer/modules/security_windows/ml/v3_windows_anomalous_script.json b/x-pack/plugins/ml/server/models/data_recognizer/modules/security_windows/ml/v3_windows_anomalous_script.json index 23425c68ea18a..022695bcf5a7d 100644 --- a/x-pack/plugins/ml/server/models/data_recognizer/modules/security_windows/ml/v3_windows_anomalous_script.json +++ b/x-pack/plugins/ml/server/models/data_recognizer/modules/security_windows/ml/v3_windows_anomalous_script.json @@ -1,6 +1,6 @@ { "job_type": "anomaly_detector", - "description": "Looks for unusual powershell scripts that may indicate execution of malware, or persistence mechanisms.", + "description": "Security: Windows - Looks for unusual powershell scripts that may indicate execution of malware, or persistence mechanisms.", "groups": [ "endpoint", "event-log", @@ -13,7 +13,7 @@ "bucket_span": "15m", "detectors": [ { - "detector_description": "Security: Windows - Detects high information content in powershell.file.script_block_text values.", + "detector_description": "Detects high information content in powershell.file.script_block_text values.", "function": "high_info_content", "field_name": "powershell.file.script_block_text" }