Merge pull request #771 from Yamato-Security/make-alert-level-concise…

…-for-correlation-referenced-rules make the levels consistent for correlation referenced rules
Yamato-Security · Nov 13, 2024 · 375de85 · 375de85
2 parents e96b1bb + fab2d39
commit 375de85
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 3 deletions.
diff --git a/...sa/builtin/Security/LogonLogoff/Logon/Sec_4625_Med_LogonFail_UserGuessing_Correlation.yml b/...sa/builtin/Security/LogonLogoff/Logon/Sec_4625_Med_LogonFail_UserGuessing_Correlation.yml
@@ -60,7 +60,7 @@ detection:
         IpAddress: "-"
     condition: selection and not filter
 falsepositives:
-level: informational
+level: medium
 ruletype: Hayabusa
 
 sample-evtx: |

diff --git a/...tin/Security/LogonLogoff/Logon/Sec_4625_Med_LogonFail_WrongPW_PW-Guessing_Correlation.yml b/...tin/Security/LogonLogoff/Logon/Sec_4625_Med_LogonFail_WrongPW_PW-Guessing_Correlation.yml
@@ -59,7 +59,7 @@ detection:
        - TargetUserName|endswith: "$"
     condition: selection and not filter
 falsepositives:
-level: informational
+level: medium
 ruletype: Hayabusa
 
 sample-evtx: |

diff --git a/...sa/builtin/Security/LogonLogoff/Logon/Sec_4648_Med_ExplicitLogon_PW-Spray_Correlation.yml b/...sa/builtin/Security/LogonLogoff/Logon/Sec_4648_Med_ExplicitLogon_PW-Spray_Correlation.yml
@@ -53,5 +53,5 @@ detection:
        - IpAddress: "-"
     condition: selection and not filter
 falsepositives:
-level: informational
+level: medium
 ruletype: Hayabusa