Exclude Malwarescore + Ransomware EP alerts from DRule telemetry. (#130233)

* Exclude malwarescore + ransomware endpoint alerts from sec telemetry.

* Remove endpoint module negation from query.
Pete Hampton 2022-04-14 16:34:08 +01:00 committed by GitHub
parent 9c8440af1b
commit 4f6239da70
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -533,8 +533,63 @@ export class TelemetryReceiver implements ITelemetryReceiver {
bool: {
should: [
{
match_phrase: {
'kibana.alert.rule.parameters.immutable': 'true',
bool: {
must_not: {
bool: {
should: [
{
match_phrase: {
'kibana.alert.rule.name': 'Malware Prevention Alert',
},
},
],
},
},
},
},
{
bool: {
must_not: {
bool: {
should: [
{
match_phrase: {
'kibana.alert.rule.name': 'Malware Detection Alert',
},
},
],
},
},
},
},
{
bool: {
must_not: {
bool: {
should: [
{
match_phrase: {
'kibana.alert.rule.name': 'Ransomware Prevention Alert',
},
},
],
},
},
},
},
{
bool: {
must_not: {
bool: {
should: [
{
match_phrase: {
'kibana.alert.rule.name': 'Ransomware Detection Alert',
},
},
],
},
},
},
},
],
@ -542,17 +597,13 @@ export class TelemetryReceiver implements ITelemetryReceiver {
},
{
bool: {
must_not: {
bool: {
should: [
{
match_phrase: {
'event.module': 'endpoint',
},
},
],
should: [
{
match_phrase: {
'kibana.alert.rule.parameters.immutable': 'true',
},
},
},
],
},
},
{