False Negatives - Enhancing detection of true threats that were previously missed.
Description
Tune google_workspace.drive.visibility beyond just people_with_link to include shared_externally. If needed, we can revise the title to include Anonymous or External
Link to Rule
https://github.com/elastic/detection-rules/blob/51859e57f3e55b0478056c3be6ee27ea9154a70a/rules/integrations/google_workspace/credential_access_google_workspace_drive_encryption_key_accessed_by_anonymous_user.toml#L45
Rule Tuning Type
False Negatives - Enhancing detection of true threats that were previously missed.
Description
Tune google_workspace.drive.visibility beyond just
people_with_link
to includeshared_externally
. If needed, we can revise the title to includeAnonymous or External
Example Data
No response