Closed Samirbous closed 2 weeks ago
These guidelines serve as a reminder of the considerations to address when adding a new schema feature to the code.
- make test-cli
- make test-remote-cli
@Samirbous Wow, is the index pattern logs-panw.panos* really added to all these rules?? This is amazing news and means the customizations which were done by us together with @ckauf will no longer negatively impact these rules.
100x thanks from the District09 NSOC team!!
https://github.com/elastic/detection-rules/issues/3998
This PR adds the PANOS traffic index .ds-logs-panw.panos-default-* to the network rules that use compatible fields:

- Potential Network Scan Detected
- Accepted Default Telnet Port Connection
- Roshal Archive (RAR) or PowerShell File Downloaded from the Internet
- Possible FIN7 DGA Command and Control Behavior
- IPSEC NAT Traversal Port Activity
- SMTP on Port 26/TCP
- RDP (Remote Desktop Protocol) from the Internet
- VNC (Virtual Network Computing) from the Internet
- VNC (Virtual Network Computing) to the Internet
- Potential Network Sweep Detected
- Potential SYN-Based Network Scan Detected
- RPC (Remote Procedure Call) from the Internet
- RPC (Remote Procedure Call) to the Internet
- SMB (Windows File Sharing) Activity to the Internet