
[Security Solution] Expand DF Query in the high_count_network_denies ML job #101679

Closed
randomuserid opened this issue Jun 8, 2021 · 1 comment
Assignees: randomuserid
Labels: bug (Fixes for quality problems that affect the customer experience), Team: SecuritySolution (Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.), v7.13.2, v7.14.0, v8.0.0

Comments

@randomuserid

Describe the bug:

Network ACL deny events are populated differently by different modules so we need to OR another field test in the DF query.

Kibana/Elasticsearch Stack version:

7.13

Functional Area (e.g. Endpoint management, timelines, resolver, etc.):

Security ML Jobs

@randomuserid randomuserid added the bug, v8.0.0, Team: SecuritySolution, v7.14.0 and v7.13.2 labels on Jun 8, 2021
@randomuserid randomuserid self-assigned this on Jun 8, 2021
@elasticmachine

Pinging @elastic/security-solution (Team: SecuritySolution)
