[Security Solution] Expand DF Query in the high_count_network_denies ML job #101679
Labels
bug
Fixes for quality problems that affect the customer experience
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
v7.13.2
v7.14.0
v8.0.0
Describe the bug:
Network ACL deny events are populated differently by different modules, so we need to OR another field test in the DF query.
Kibana/Elasticsearch Stack version:
7.13
Functional Area (e.g. Endpoint management, timelines, resolver, etc.):
Security ML Jobs