False Positives from "Correlate Unfamiliar sign-in properties & atypical travel alerts" When Changing User Risk #11538

Draft, wants to merge 1 commit into base: master

v-visodadasi
Contributor

Required items, please complete

Change(s):

  • Modified query to exclude events where the Comments field starts with "Risk detail: Admin"

Reason for Change(s):

  • To exclude alerts that are the result of admin actions, helping to reduce false positives.

Version Updated:

  • Yes

Testing Completed:

  • Yes

Hello, how are you? I am GitHub bot 😀😀
I see that you changed templates under the detections/analytic rules folder. Did you remember to update the version of the templates you changed?
If not, and if you want customers to be aware that a new version of this template is available, please update the version property of the template you changed.
