Aegrah closed 3 months ago
Converts the rule from new_terms to EQL by adding a robust set of exclusions. 0 hits in telemetry last 90d, 0 FPs in my stack last year.