Update DomainEntity_SecurityAlert.yaml
mkchiliveri authored Aug 9, 2023
1 parent 7cc1f69 commit 317ce89
Showing 1 changed file with 1 addition and 1 deletion.
Expand Up @@ -31,8 +31,8 @@ query: |
// Create a list of TLDs in our threat feed for later validation
let list_tlds = ThreatIntelligenceIndicator
| where TimeGenerated >= ago(ioc_lookBack)
| summarize LatestIndicatorTime = arg_max(TimeGenerated, *) by IndicatorId
| where Active == true and ExpirationDateTime > now()
| summarize LatestIndicatorTime = arg_max(TimeGenerated, *) by IndicatorId
| where isnotempty(DomainName)
| extend parts = split(DomainName, '.')
| extend tld = parts[(array_length(parts)-1)]
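Review bot: The `summarize LatestIndicatorTime = arg_max(TimeGenerated, *) by IndicatorId` line appears on both sides of `where Active == true and ExpirationDateTime > now()` in this hunk, and the commit message ("Update DomainEntity_SecurityAlert.yaml") does not say which order is intended or why. The order changes the result set: with the filter first, arg_max picks the newest record that was still active and unexpired, so an indicator whose latest record has been deactivated can still reach `list_tlds` through an older record; with arg_max first, the filter is applied to each indicator's latest state. Please confirm the resulting query runs arg_max before the Active/ExpirationDateTime filter, state that reasoning in the commit message or in a comment above the line, and check that any other ThreatIntelligenceIndicator lookup further down in this query uses the same order.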
