Skip to content

Commit

Permalink
Update credential_access_suspicious_web_browser_sensitive_file_access…
Browse files Browse the repository at this point in the history 
….toml (#3691)

(cherry picked from commit ec27bf8)
  • Loading branch information
@Samirbous @github-actions
Samirbous authored and github-actions[bot] committed May 18, 2024
1 parent befba41 commit 30460bd
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions rules/macos/credential_access_suspicious_web_browser_sensitive_file_access.toml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ integration = ["endpoint"]
maturity = "production"
min_stack_comments = "New fields added: file_access_events, process.Ext.effective_parent"
min_stack_version = "8.11.0"
updated_date = "2024/02/06"
updated_date = "2024/05/17"

[rule]
author = ["Elastic"]
Expand All @@ -13,7 +13,7 @@ Identifies the access or file open of web browser sensitive files by an untruste
Adversaries may acquire credentials from web browsers by reading files specific to the target browser.
"""
from = "now-9m"
index = ["logs-endpoint.events.file.*"]
index = ["logs-endpoint.events.file-*"]
language = "eql"
license = "Elastic License v2"
name = "Suspicious Web Browser Sensitive File Access"
Expand Down

0 comments on commit 30460bd

Please sign in to comment.