From ef3b7ebfab031d56f4912c656081903c8c051c37 Mon Sep 17 00:00:00 2001
From: Ben Skelker <54019610+benskelker@users.noreply.github.com>
Date: Thu, 7 May 2020 05:59:56 +0300
Subject: [PATCH] updates prebuilt endpoint rules look back time (#1040)

---
 .../adversary-behavior-detected-elastic-endpoint.asciidoc | 2 +-
 .../credential-dumping-detected-elastic-endpoint.asciidoc | 2 +-
 .../credential-dumping-prevented-elastic-endpoint.asciidoc | 2 +-
 .../credential-manipulation-detected-elastic-endpoint.asciidoc | 2 +-
 .../credential-manipulation-prevented-elastic-endpoint.asciidoc | 2 +-
 .../rule-details/exploit-detected-elastic-endpoint.asciidoc | 2 +-
 .../rule-details/exploit-prevented-elastic-endpoint.asciidoc | 2 +-
 .../rule-details/malware-detected-elastic-endpoint.asciidoc | 2 +-
 .../rule-details/malware-prevented-elastic-endpoint.asciidoc | 2 +-
 .../permission-theft-detected-elastic-endpoint.asciidoc | 2 +-
 .../permission-theft-prevented-elastic-endpoint.asciidoc | 2 +-
 .../process-injection-detected-elastic-endpoint.asciidoc | 2 +-
 .../process-injection-prevented-elastic-endpoint.asciidoc | 2 +-
 .../rule-details/ransomware-detected-elastic-endpoint.asciidoc | 2 +-
 .../rule-details/ransomware-prevented-elastic-endpoint.asciidoc | 2 +-
 15 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/docs/en/siem/rule-details/adversary-behavior-detected-elastic-endpoint.asciidoc b/docs/en/siem/rule-details/adversary-behavior-detected-elastic-endpoint.asciidoc
index b6e17b6a3..b214633a8 100644
--- a/docs/en/siem/rule-details/adversary-behavior-detected-elastic-endpoint.asciidoc
+++ b/docs/en/siem/rule-details/adversary-behavior-detected-elastic-endpoint.asciidoc
@@ -17,7 +17,7 @@ External Alerts tab of the SIEM *Detections* page for additional information.
 *Runs every*: 10 minutes
-*Searches indices from*: now-660s ({ref}/common-options.html#date-math[Date Math format], see also <>)
+*Searches indices from*: now-15m ({ref}/common-options.html#date-math[Date Math format], see also <>)
 *Maximum signals per execution*: 100
diff --git a/docs/en/siem/rule-details/credential-dumping-detected-elastic-endpoint.asciidoc b/docs/en/siem/rule-details/credential-dumping-detected-elastic-endpoint.asciidoc
index 99ee0e402..ef211b5f2 100644
--- a/docs/en/siem/rule-details/credential-dumping-detected-elastic-endpoint.asciidoc
+++ b/docs/en/siem/rule-details/credential-dumping-detected-elastic-endpoint.asciidoc
@@ -17,7 +17,7 @@ External Alerts tab of the SIEM *Detections* page for additional information.
 *Runs every*: 10 minutes
-*Searches indices from*: now-660s ({ref}/common-options.html#date-math[Date Math format], see also <>)
+*Searches indices from*: now-15m ({ref}/common-options.html#date-math[Date Math format], see also <>)
 *Maximum signals per execution*: 100
diff --git a/docs/en/siem/rule-details/credential-dumping-prevented-elastic-endpoint.asciidoc b/docs/en/siem/rule-details/credential-dumping-prevented-elastic-endpoint.asciidoc
index 84697b849..03b4a6df6 100644
--- a/docs/en/siem/rule-details/credential-dumping-prevented-elastic-endpoint.asciidoc
+++ b/docs/en/siem/rule-details/credential-dumping-prevented-elastic-endpoint.asciidoc
@@ -17,7 +17,7 @@ External Alerts tab of the SIEM *Detections* page for additional information.
 *Runs every*: 10 minutes
-*Searches indices from*: now-660s ({ref}/common-options.html#date-math[Date Math format], see also <>)
+*Searches indices from*: now-15m ({ref}/common-options.html#date-math[Date Math format], see also <>)
 *Maximum signals per execution*: 100
diff --git a/docs/en/siem/rule-details/credential-manipulation-detected-elastic-endpoint.asciidoc b/docs/en/siem/rule-details/credential-manipulation-detected-elastic-endpoint.asciidoc
index ef8969aac..e41bd0ad3 100644
--- a/docs/en/siem/rule-details/credential-manipulation-detected-elastic-endpoint.asciidoc
+++ b/docs/en/siem/rule-details/credential-manipulation-detected-elastic-endpoint.asciidoc
@@ -18,7 +18,7 @@ information.
 *Runs every*: 10 minutes
-*Searches indices from*: now-660s ({ref}/common-options.html#date-math[Date Math format], see also <>)
+*Searches indices from*: now-15m ({ref}/common-options.html#date-math[Date Math format], see also <>)
 *Maximum signals per execution*: 100
diff --git a/docs/en/siem/rule-details/credential-manipulation-prevented-elastic-endpoint.asciidoc b/docs/en/siem/rule-details/credential-manipulation-prevented-elastic-endpoint.asciidoc
index 0ffae92f6..e4d1c903e 100644
--- a/docs/en/siem/rule-details/credential-manipulation-prevented-elastic-endpoint.asciidoc
+++ b/docs/en/siem/rule-details/credential-manipulation-prevented-elastic-endpoint.asciidoc
@@ -18,7 +18,7 @@ information.
 *Runs every*: 10 minutes
-*Searches indices from*: now-660s ({ref}/common-options.html#date-math[Date Math format], see also <>)
+*Searches indices from*: now-15m ({ref}/common-options.html#date-math[Date Math format], see also <>)
 *Maximum signals per execution*: 100
diff --git a/docs/en/siem/rule-details/exploit-detected-elastic-endpoint.asciidoc b/docs/en/siem/rule-details/exploit-detected-elastic-endpoint.asciidoc
index 3db1d4d11..032076484 100644
--- a/docs/en/siem/rule-details/exploit-detected-elastic-endpoint.asciidoc
+++ b/docs/en/siem/rule-details/exploit-detected-elastic-endpoint.asciidoc
@@ -17,7 +17,7 @@ Alerts tab of the SIEM *Detections* page for additional information.
 *Runs every*: 10 minutes
-*Searches indices from*: now-660s ({ref}/common-options.html#date-math[Date Math format], see also <>)
+*Searches indices from*: now-15m ({ref}/common-options.html#date-math[Date Math format], see also <>)
 *Maximum signals per execution*: 100
diff --git a/docs/en/siem/rule-details/exploit-prevented-elastic-endpoint.asciidoc b/docs/en/siem/rule-details/exploit-prevented-elastic-endpoint.asciidoc
index 354349db9..a8f40b3e8 100644
--- a/docs/en/siem/rule-details/exploit-prevented-elastic-endpoint.asciidoc
+++ b/docs/en/siem/rule-details/exploit-prevented-elastic-endpoint.asciidoc
@@ -17,7 +17,7 @@ Alerts tab of the SIEM *Detections* page for additional information.
 *Runs every*: 10 minutes
-*Searches indices from*: now-660s ({ref}/common-options.html#date-math[Date Math format], see also <>)
+*Searches indices from*: now-15m ({ref}/common-options.html#date-math[Date Math format], see also <>)
 *Maximum signals per execution*: 100
diff --git a/docs/en/siem/rule-details/malware-detected-elastic-endpoint.asciidoc b/docs/en/siem/rule-details/malware-detected-elastic-endpoint.asciidoc
index a02063ac3..1a0de09cb 100644
--- a/docs/en/siem/rule-details/malware-detected-elastic-endpoint.asciidoc
+++ b/docs/en/siem/rule-details/malware-detected-elastic-endpoint.asciidoc
@@ -17,7 +17,7 @@ Alerts tab of the SIEM *Detections* page for additional information.
 *Runs every*: 10 minutes
-*Searches indices from*: now-660s ({ref}/common-options.html#date-math[Date Math format], see also <>)
+*Searches indices from*: now-15m ({ref}/common-options.html#date-math[Date Math format], see also <>)
 *Maximum signals per execution*: 100
diff --git a/docs/en/siem/rule-details/malware-prevented-elastic-endpoint.asciidoc b/docs/en/siem/rule-details/malware-prevented-elastic-endpoint.asciidoc
index f2e74a296..ba6ce2504 100644
--- a/docs/en/siem/rule-details/malware-prevented-elastic-endpoint.asciidoc
+++ b/docs/en/siem/rule-details/malware-prevented-elastic-endpoint.asciidoc
@@ -17,7 +17,7 @@ Alerts tab of the SIEM *Detections* page for additional information.
 *Runs every*: 10 minutes
-*Searches indices from*: now-660s ({ref}/common-options.html#date-math[Date Math format], see also <>)
+*Searches indices from*: now-15m ({ref}/common-options.html#date-math[Date Math format], see also <>)
 *Maximum signals per execution*: 100
diff --git a/docs/en/siem/rule-details/permission-theft-detected-elastic-endpoint.asciidoc b/docs/en/siem/rule-details/permission-theft-detected-elastic-endpoint.asciidoc
index 331c89699..e9b75bc62 100644
--- a/docs/en/siem/rule-details/permission-theft-detected-elastic-endpoint.asciidoc
+++ b/docs/en/siem/rule-details/permission-theft-detected-elastic-endpoint.asciidoc
@@ -17,7 +17,7 @@ External Alerts tab of the SIEM *Detections* page for additional information.
 *Runs every*: 10 minutes
-*Searches indices from*: now-660s ({ref}/common-options.html#date-math[Date Math format], see also <>)
+*Searches indices from*: now-15m ({ref}/common-options.html#date-math[Date Math format], see also <>)
 *Maximum signals per execution*: 100
diff --git a/docs/en/siem/rule-details/permission-theft-prevented-elastic-endpoint.asciidoc b/docs/en/siem/rule-details/permission-theft-prevented-elastic-endpoint.asciidoc
index 2f9b1e2b1..524fcf2ef 100644
--- a/docs/en/siem/rule-details/permission-theft-prevented-elastic-endpoint.asciidoc
+++ b/docs/en/siem/rule-details/permission-theft-prevented-elastic-endpoint.asciidoc
@@ -17,7 +17,7 @@ External Alerts tab of the SIEM *Detections* page for additional information.
 *Runs every*: 10 minutes
-*Searches indices from*: now-660s ({ref}/common-options.html#date-math[Date Math format], see also <>)
+*Searches indices from*: now-15m ({ref}/common-options.html#date-math[Date Math format], see also <>)
 *Maximum signals per execution*: 100
diff --git a/docs/en/siem/rule-details/process-injection-detected-elastic-endpoint.asciidoc b/docs/en/siem/rule-details/process-injection-detected-elastic-endpoint.asciidoc
index 55c4afaad..4d3a6a764 100644
--- a/docs/en/siem/rule-details/process-injection-detected-elastic-endpoint.asciidoc
+++ b/docs/en/siem/rule-details/process-injection-detected-elastic-endpoint.asciidoc
@@ -17,7 +17,7 @@ External Alerts tab of the SIEM *Detections* page for additional information.
 *Runs every*: 10 minutes
-*Searches indices from*: now-660s ({ref}/common-options.html#date-math[Date Math format], see also <>)
+*Searches indices from*: now-15m ({ref}/common-options.html#date-math[Date Math format], see also <>)
 *Maximum signals per execution*: 100
diff --git a/docs/en/siem/rule-details/process-injection-prevented-elastic-endpoint.asciidoc b/docs/en/siem/rule-details/process-injection-prevented-elastic-endpoint.asciidoc
index 6214869bf..6cffee779 100644
--- a/docs/en/siem/rule-details/process-injection-prevented-elastic-endpoint.asciidoc
+++ b/docs/en/siem/rule-details/process-injection-prevented-elastic-endpoint.asciidoc
@@ -17,7 +17,7 @@ External Alerts tab of the SIEM *Detections* page for additional information.
 *Runs every*: 10 minutes
-*Searches indices from*: now-660s ({ref}/common-options.html#date-math[Date Math format], see also <>)
+*Searches indices from*: now-15m ({ref}/common-options.html#date-math[Date Math format], see also <>)
 *Maximum signals per execution*: 100
diff --git a/docs/en/siem/rule-details/ransomware-detected-elastic-endpoint.asciidoc b/docs/en/siem/rule-details/ransomware-detected-elastic-endpoint.asciidoc
index c15d7a61d..1ff4d7d7b 100644
--- a/docs/en/siem/rule-details/ransomware-detected-elastic-endpoint.asciidoc
+++ b/docs/en/siem/rule-details/ransomware-detected-elastic-endpoint.asciidoc
@@ -17,7 +17,7 @@ Alerts tab of the SIEM *Detections* page for additional information.
 *Runs every*: 10 minutes
-*Searches indices from*: now-660s ({ref}/common-options.html#date-math[Date Math format], see also <>)
+*Searches indices from*: now-15m ({ref}/common-options.html#date-math[Date Math format], see also <>)
 *Maximum signals per execution*: 100
diff --git a/docs/en/siem/rule-details/ransomware-prevented-elastic-endpoint.asciidoc b/docs/en/siem/rule-details/ransomware-prevented-elastic-endpoint.asciidoc
index 804dc234a..62edec61d 100644
--- a/docs/en/siem/rule-details/ransomware-prevented-elastic-endpoint.asciidoc
+++ b/docs/en/siem/rule-details/ransomware-prevented-elastic-endpoint.asciidoc
@@ -17,7 +17,7 @@ Alerts tab of the SIEM *Detections* page for additional information.
 *Runs every*: 10 minutes
-*Searches indices from*: now-660s ({ref}/common-options.html#date-math[Date Math format], see also <>)
+*Searches indices from*: now-15m ({ref}/common-options.html#date-math[Date Math format], see also <>)
 *Maximum signals per execution*: 100