[Security Solution][Endpoint] Fix index name pattern in SentinelOne dev. script (#174105)

## Summary

- Corrects the index name pattern for SentinelOne (S1) alerts in the SIEM rule
that the SentinelOne dev script creates, so the rule actually matches the S1 alert data stream

🤦
This commit is contained in:
Paul Tavares 2024-01-02 15:16:29 -05:00 committed by GitHub
parent b0c6cc9777
commit ce71d12d32
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -265,7 +265,7 @@ export const createDetectionEngineSentinelOneRuleIfNeeded = async (
log: ToolingLog
): Promise<RuleResponse> => {
const ruleName = 'Promote SentinelOne alerts';
const sentinelOneAlertsIndexPattern = 'logs-sentinel_one.alert';
const sentinelOneAlertsIndexPattern = 'logs-sentinel_one.alert*';
const ruleQueryValue = 'observer.serial_number:*';
const { data } = await findRules(kbnClient, {