We have issues when creating a detection rule from Security Analytics -> Detection rules -> Create detection rule when using a log type other than the provided ones (Sigma). The issues are:
The log type changes to its ID; for example, the Crowdstrike log will appear as "Mf A Dq 40 B xxxx xxx"
When saving, there is an error that says: [security_analytics_exception] Invalid rule category "mfadq40bhfu3-v6xlgmp"
How to recreate:
Go to Security Analytics, Detectors, Log types, and create a log type
Use the newly created log type to create detection rules