
[Rule Tuning] Add timestamp_override to all query and non-sequence EQL rules #945

Merged
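What this PR does, as an added example that is not the detection-rules project's own tooling: `timestamp_override` tells a detection rule to query a time field other than `@timestamp`, so events that are indexed late (an agent that was offline, a delayed shipper) still fall inside the rule's look-back window instead of being missed. The script below reads a rule's TOML, decides whether it is a `query` rule or a non-sequence `eql` rule, and inserts the key once, directly after the `type = ...` line, leaving other rule types and rules that already carry the key untouched. The override value `event.ingested`, the helper names, and the sample rules are assumptions and constructed input, not taken from this page.

```python
# Added example: add timestamp_override to query rules and non-sequence EQL rules.
# Assumptions (not from the PR page): the override value, helper names and sample rules.
import re
from pathlib import Path

# Assumed override value: the time field the rule should query instead of @timestamp.
TIMESTAMP_OVERRIDE = "event.ingested"

_TYPE_RE = re.compile(r'^type[ \t]*=[ \t]*"([^"]+)"[ \t]*$', re.MULTILINE)
# Multi-line query = '''...''' or """..."""; the closing delimiter must match the opening one.
_QUERY_BLOCK_RE = re.compile(r"^query[ \t]*=[ \t]*(?P<q>'''|\"\"\")(.*?)(?P=q)", re.MULTILINE | re.DOTALL)
# Single-line query = "..."
_QUERY_LINE_RE = re.compile(r'^query[ \t]*=[ \t]*"(.*)"[ \t]*$', re.MULTILINE)
_OVERRIDE_RE = re.compile(r"^timestamp_override[ \t]*=", re.MULTILINE)


def rule_query(rule_text):
    """Return the rule's query string (stripped), or "" if the rule has no query."""
    m = _QUERY_BLOCK_RE.search(rule_text)
    if m:
        return m.group(2).strip()
    m = _QUERY_LINE_RE.search(rule_text)
    return m.group(1).strip() if m else ""


def needs_timestamp_override(rule_text):
    """True for `query` rules and for `eql` rules that are not sequences, unless already set."""
    if _OVERRIDE_RE.search(rule_text):
        return False
    m = _TYPE_RE.search(rule_text)
    if not m:
        return False
    rule_type = m.group(1)
    if rule_type == "query":
        return True
    if rule_type == "eql":
        # EQL sequences are excluded, as the PR title says; event queries get the key.
        return not rule_query(rule_text).startswith("sequence")
    return False  # machine_learning, threshold and other types are left untouched


def add_timestamp_override(rule_text, value=TIMESTAMP_OVERRIDE):
    """Insert `timestamp_override = "<value>"` right after the `type = ...` line; idempotent."""
    if not needs_timestamp_override(rule_text):
        return rule_text
    end = _TYPE_RE.search(rule_text).end()
    return f'{rule_text[:end]}\ntimestamp_override = "{value}"{rule_text[end:]}'


def update_rule_dir(root, value=TIMESTAMP_OVERRIDE):
    """Rewrite every *.toml under root in place; returns the paths that changed."""
    changed = []
    for path in sorted(Path(root).rglob("*.toml")):
        original = path.read_text(encoding="utf-8")
        updated = add_timestamp_override(original, value)
        if updated != original:
            path.write_text(updated, encoding="utf-8")
            changed.append(path)
    return changed


# Constructed sample rules (not rules from the repository); rule_id values are placeholders.
QUERY_RULE = """[rule]
language = "kuery"
name = "Sample KQL rule"
rule_id = "00000000-0000-4000-8000-000000000001"
type = "query"

query = '''
event.category:process and event.type:start and process.name:whoami.exe
'''
"""
EQL_EVENT_RULE = """[rule]
language = "eql"
name = "Sample non-sequence EQL rule"
rule_id = "00000000-0000-4000-8000-000000000002"
type = "eql"

query = '''
process where event.type == "start" and process.name == "whoami.exe"
'''
"""
EQL_SEQUENCE_RULE = """[rule]
language = "eql"
name = "Sample sequence EQL rule"
rule_id = "00000000-0000-4000-8000-000000000003"
type = "eql"

query = '''
sequence by host.id with maxspan=1m
  [process where event.type == "start"]
  [network where event.type == "start"]
'''
"""
ML_RULE = """[rule]
anomaly_threshold = 50
machine_learning_job_id = "sample_job"
name = "Sample ML rule"
rule_id = "00000000-0000-4000-8000-000000000004"
type = "machine_learning"
"""
SAMPLE_RULES = {"query": QUERY_RULE, "eql_event": EQL_EVENT_RULE,
                "eql_sequence": EQL_SEQUENCE_RULE, "ml": ML_RULE}


def tune_rules(rules):
    """Apply the tuning to a {name: toml_text} mapping; returns only the rules that changed."""
    return {name: add_timestamp_override(text) for name, text in rules.items()
            if needs_timestamp_override(text)}


if __name__ == "__main__":
    for name, text in tune_rules(SAMPLE_RULES).items():
        print(f"--- {name} ---\n{text}")
```

Run it against a checkout with `update_rule_dir("rules")` and diff the result; the text-based insertion keeps the rest of each file byte-for-byte, which is what makes a bulk change of this size reviewable. A rule whose `query` keyword is spelled differently from these samples (for instance `sequence` preceded by a comment) would be misclassified as an event query, so check the diff for `sequence` rules before committing.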

Commits on Feb 12, 2021

  1. 0dc6c9d

Commits on Feb 17, 2021

  1. 3d2ebb0
  2. Merge remote-tracking branch 'upstream/7.12' into rule-tuning/add-timestamp-override

    # Conflicts:
    #	rules/apm/apm_403_response_to_a_post.toml
    #	rules/apm/apm_405_response_method_not_allowed.toml
    #	rules/apm/apm_null_user_agent.toml
    #	rules/apm/apm_sqlmap_user_agent.toml
    #	rules/aws/collection_cloudtrail_logging_created.toml
    #	rules/aws/credential_access_iam_user_addition_to_group.toml
    #	rules/aws/credential_access_secretsmanager_getsecretvalue.toml
    #	rules/aws/defense_evasion_cloudtrail_logging_deleted.toml
    #	rules/aws/defense_evasion_cloudtrail_logging_suspended.toml
    #	rules/aws/defense_evasion_cloudwatch_alarm_deletion.toml
    #	rules/aws/defense_evasion_config_service_rule_deletion.toml
    #	rules/aws/defense_evasion_configuration_recorder_stopped.toml
    #	rules/aws/defense_evasion_ec2_flow_log_deletion.toml
    #	rules/aws/defense_evasion_ec2_network_acl_deletion.toml
    #	rules/aws/defense_evasion_guardduty_detector_deletion.toml
    #	rules/aws/defense_evasion_s3_bucket_configuration_deletion.toml
    #	rules/aws/defense_evasion_waf_acl_deletion.toml
    #	rules/aws/defense_evasion_waf_rule_or_rule_group_deletion.toml
    #	rules/aws/exfiltration_ec2_snapshot_change_activity.toml
    #	rules/aws/impact_cloudtrail_logging_updated.toml
    #	rules/aws/impact_cloudwatch_log_group_deletion.toml
    #	rules/aws/impact_cloudwatch_log_stream_deletion.toml
    #	rules/aws/impact_ec2_disable_ebs_encryption.toml
    #	rules/aws/impact_iam_deactivate_mfa_device.toml
    #	rules/aws/impact_iam_group_deletion.toml
    #	rules/aws/impact_rds_cluster_deletion.toml
    #	rules/aws/impact_rds_instance_cluster_stoppage.toml
    #	rules/aws/initial_access_console_login_root.toml
    #	rules/aws/initial_access_password_recovery.toml
    #	rules/aws/initial_access_via_system_manager.toml
    #	rules/aws/persistence_ec2_network_acl_creation.toml
    #	rules/aws/persistence_iam_group_creation.toml
    #	rules/aws/persistence_rds_cluster_creation.toml
    #	rules/aws/privilege_escalation_root_login_without_mfa.toml
    #	rules/aws/privilege_escalation_updateassumerolepolicy.toml
    #	rules/azure/collection_update_event_hub_auth_rule.toml
    #	rules/azure/credential_access_key_vault_modified.toml
    #	rules/azure/credential_access_storage_account_key_regenerated.toml
    #	rules/azure/defense_evasion_azure_application_credential_modification.toml
    #	rules/azure/defense_evasion_azure_diagnostic_settings_deletion.toml
    #	rules/azure/defense_evasion_azure_service_principal_addition.toml
    #	rules/azure/defense_evasion_event_hub_deletion.toml
    #	rules/azure/defense_evasion_firewall_policy_deletion.toml
    #	rules/azure/defense_evasion_network_watcher_deletion.toml
    #	rules/azure/discovery_blob_container_access_mod.toml
    #	rules/azure/execution_command_virtual_machine.toml
    #	rules/azure/impact_azure_automation_runbook_deleted.toml
    #	rules/azure/impact_resource_group_deletion.toml
    #	rules/azure/initial_access_azure_active_directory_powershell_signin.toml
    #	rules/azure/initial_access_consent_grant_attack_via_azure_registered_application.toml
    #	rules/azure/initial_access_external_guest_user_invite.toml
    #	rules/azure/persistence_azure_automation_account_created.toml
    #	rules/azure/persistence_azure_automation_runbook_created_or_modified.toml
    #	rules/azure/persistence_azure_automation_webhook_created.toml
    #	rules/azure/persistence_azure_conditional_access_policy_modified.toml
    #	rules/azure/persistence_azure_pim_user_added_global_admin.toml
    #	rules/azure/persistence_azure_privileged_identity_management_role_modified.toml
    #	rules/azure/persistence_mfa_disabled_for_azure_user.toml
    #	rules/azure/persistence_user_added_as_owner_for_azure_application.toml
    #	rules/azure/persistence_user_added_as_owner_for_azure_service_principal.toml
    #	rules/cross-platform/defense_evasion_deleting_websvr_access_logs.toml
    #	rules/cross-platform/impact_hosts_file_modified.toml
    #	rules/cross-platform/initial_access_zoom_meeting_with_no_passcode.toml
    #	rules/cross-platform/privilege_escalation_setuid_setgid_bit_set_via_chmod.toml
    #	rules/cross-platform/privilege_escalation_sudoers_file_mod.toml
    #	rules/gcp/collection_gcp_pub_sub_subscription_creation.toml
    #	rules/gcp/collection_gcp_pub_sub_topic_creation.toml
    #	rules/gcp/defense_evasion_gcp_firewall_rule_created.toml
    #	rules/gcp/defense_evasion_gcp_firewall_rule_deleted.toml
    #	rules/gcp/defense_evasion_gcp_firewall_rule_modified.toml
    #	rules/gcp/defense_evasion_gcp_logging_bucket_deletion.toml
    #	rules/gcp/defense_evasion_gcp_logging_sink_deletion.toml
    #	rules/gcp/defense_evasion_gcp_pub_sub_subscription_deletion.toml
    #	rules/gcp/defense_evasion_gcp_pub_sub_topic_deletion.toml
    #	rules/gcp/defense_evasion_gcp_storage_bucket_configuration_modified.toml
    #	rules/gcp/defense_evasion_gcp_storage_bucket_permissions_modified.toml
    #	rules/gcp/exfiltration_gcp_logging_sink_modification.toml
    #	rules/gcp/impact_gcp_iam_role_deletion.toml
    #	rules/gcp/impact_gcp_service_account_deleted.toml
    #	rules/gcp/impact_gcp_service_account_disabled.toml
    #	rules/gcp/impact_gcp_storage_bucket_deleted.toml
    #	rules/gcp/impact_gcp_virtual_private_cloud_network_deleted.toml
    #	rules/gcp/impact_gcp_virtual_private_cloud_route_created.toml
    #	rules/gcp/impact_gcp_virtual_private_cloud_route_deleted.toml
    #	rules/gcp/initial_access_gcp_iam_custom_role_creation.toml
    #	rules/gcp/persistence_gcp_iam_service_account_key_deletion.toml
    #	rules/gcp/persistence_gcp_key_created_for_service_account.toml
    #	rules/gcp/persistence_gcp_service_account_created.toml
    #	rules/google-workspace/application_added_to_google_workspace_domain.toml
    #	rules/google-workspace/domain_added_to_google_workspace_trusted_domains.toml
    #	rules/google-workspace/google_workspace_admin_role_deletion.toml
    #	rules/google-workspace/google_workspace_mfa_enforcement_disabled.toml
    #	rules/google-workspace/google_workspace_policy_modified.toml
    #	rules/google-workspace/mfa_disabled_for_google_workspace_organization.toml
    #	rules/google-workspace/persistence_google_workspace_admin_role_assigned_to_user.toml
    #	rules/google-workspace/persistence_google_workspace_api_access_granted_via_domain_wide_delegation_of_authority.toml
    #	rules/google-workspace/persistence_google_workspace_custom_admin_role_created.toml
    #	rules/google-workspace/persistence_google_workspace_role_modified.toml
    #	rules/linux/credential_access_tcpdump_activity.toml
    #	rules/linux/defense_evasion_attempt_to_disable_iptables_or_firewall.toml
    #	rules/linux/defense_evasion_attempt_to_disable_syslog_service.toml
    #	rules/linux/defense_evasion_base16_or_base32_encoding_or_decoding_activity.toml
    #	rules/linux/defense_evasion_base64_encoding_or_decoding_activity.toml
    #	rules/linux/defense_evasion_deletion_of_bash_command_line_history.toml
    #	rules/linux/defense_evasion_disable_selinux_attempt.toml
    #	rules/linux/defense_evasion_file_deletion_via_shred.toml
    #	rules/linux/defense_evasion_file_mod_writable_dir.toml
    #	rules/linux/defense_evasion_hex_encoding_or_decoding_activity.toml
    #	rules/linux/defense_evasion_hidden_file_dir_tmp.toml
    #	rules/linux/defense_evasion_kernel_module_removal.toml
    #	rules/linux/defense_evasion_log_files_deleted.toml
    #	rules/linux/defense_evasion_timestomp_touch.toml
    #	rules/linux/discovery_kernel_module_enumeration.toml
    #	rules/linux/discovery_virtual_machine_fingerprinting.toml
    #	rules/linux/discovery_whoami_commmand.toml
    #	rules/linux/execution_perl_tty_shell.toml
    #	rules/linux/execution_python_tty_shell.toml
    #	rules/linux/linux_hping_activity.toml
    #	rules/linux/linux_iodine_activity.toml
    #	rules/linux/linux_mknod_activity.toml
    #	rules/linux/linux_nmap_activity.toml
    #	rules/linux/linux_nping_activity.toml
    #	rules/linux/linux_process_started_in_temp_directory.toml
    #	rules/linux/linux_socat_activity.toml
    #	rules/linux/linux_strace_activity.toml
    #	rules/linux/persistence_kernel_module_activity.toml
    #	rules/linux/persistence_shell_activity_by_web_server.toml
    #	rules/macos/credential_access_credentials_keychains.toml
    #	rules/macos/credential_access_kerberosdump_kcc.toml
    #	rules/macos/credential_access_promt_for_pwd_via_osascript.toml
    #	rules/macos/defense_evasion_attempt_del_quarantine_attrib.toml
    #	rules/macos/lateral_movement_remote_ssh_login_enabled.toml
    #	rules/macos/persistence_login_logout_hooks_defaults.toml
    #	rules/microsoft-365/defense_evasion_microsoft_365_exchange_dlp_policy_removed.toml
    #	rules/microsoft-365/defense_evasion_microsoft_365_exchange_malware_filter_policy_deletion.toml
    #	rules/microsoft-365/defense_evasion_microsoft_365_exchange_malware_filter_rule_mod.toml
    #	rules/microsoft-365/defense_evasion_microsoft_365_exchange_safe_attach_rule_disabled.toml
    #	rules/microsoft-365/exfiltration_microsoft_365_exchange_transport_rule_creation.toml
    #	rules/microsoft-365/exfiltration_microsoft_365_exchange_transport_rule_mod.toml
    #	rules/microsoft-365/initial_access_microsoft_365_exchange_anti_phish_policy_deletion.toml
    #	rules/microsoft-365/initial_access_microsoft_365_exchange_anti_phish_rule_mod.toml
    #	rules/microsoft-365/initial_access_microsoft_365_exchange_safelinks_disabled.toml
    #	rules/microsoft-365/microsoft_365_exchange_dkim_signing_config_disabled.toml
    #	rules/microsoft-365/microsoft_365_teams_custom_app_interaction_allowed.toml
    #	rules/microsoft-365/persistence_microsoft_365_exchange_management_role_assignment.toml
    #	rules/microsoft-365/persistence_microsoft_365_teams_external_access_enabled.toml
    #	rules/microsoft-365/persistence_microsoft_365_teams_guest_access_enabled.toml
    #	rules/network/command_and_control_cobalt_strike_beacon.toml
    #	rules/network/command_and_control_cobalt_strike_default_teamserver_cert.toml
    #	rules/network/command_and_control_dns_directly_to_the_internet.toml
    #	rules/network/command_and_control_download_rar_powershell_from_internet.toml
    #	rules/network/command_and_control_fin7_c2_behavior.toml
    #	rules/network/command_and_control_ftp_file_transfer_protocol_activity_to_the_internet.toml
    #	rules/network/command_and_control_halfbaked_beacon.toml
    #	rules/network/command_and_control_irc_internet_relay_chat_protocol_activity_to_the_internet.toml
    #	rules/network/command_and_control_nat_traversal_port_activity.toml
    #	rules/network/command_and_control_port_26_activity.toml
    #	rules/network/command_and_control_port_8000_activity_to_the_internet.toml
    #	rules/network/command_and_control_pptp_point_to_point_tunneling_protocol_activity.toml
    #	rules/network/command_and_control_proxy_port_activity_to_the_internet.toml
    #	rules/network/command_and_control_rdp_remote_desktop_protocol_from_the_internet.toml
    #	rules/network/command_and_control_smtp_to_the_internet.toml
    #	rules/network/command_and_control_sql_server_port_activity_to_the_internet.toml
    #	rules/network/command_and_control_ssh_secure_shell_from_the_internet.toml
    #	rules/network/command_and_control_ssh_secure_shell_to_the_internet.toml
    #	rules/network/command_and_control_telnet_port_activity.toml
    #	rules/network/command_and_control_tor_activity_to_the_internet.toml
    #	rules/network/command_and_control_vnc_virtual_network_computing_from_the_internet.toml
    #	rules/network/command_and_control_vnc_virtual_network_computing_to_the_internet.toml
    #	rules/network/discovery_post_exploitation_public_ip_reconnaissance.toml
    #	rules/network/initial_access_rdp_remote_desktop_protocol_to_the_internet.toml
    #	rules/network/initial_access_rpc_remote_procedure_call_from_the_internet.toml
    #	rules/network/initial_access_rpc_remote_procedure_call_to_the_internet.toml
    #	rules/network/initial_access_smb_windows_file_sharing_activity_to_the_internet.toml
    #	rules/network/initial_access_unsecure_elasticsearch_node.toml
    #	rules/okta/attempt_to_deactivate_okta_network_zone.toml
    #	rules/okta/attempt_to_delete_okta_network_zone.toml
    #	rules/okta/credential_access_attempted_bypass_of_okta_mfa.toml
    #	rules/okta/impact_attempt_to_revoke_okta_api_token.toml
    #	rules/okta/impact_possible_okta_dos_attack.toml
    #	rules/okta/initial_access_suspicious_activity_reported_by_okta_user.toml
    #	rules/okta/okta_attempt_to_deactivate_okta_application.toml
    #	rules/okta/okta_attempt_to_deactivate_okta_policy.toml
    #	rules/okta/okta_attempt_to_deactivate_okta_policy_rule.toml
    #	rules/okta/okta_attempt_to_delete_okta_application.toml
    #	rules/okta/okta_attempt_to_delete_okta_policy.toml
    #	rules/okta/okta_attempt_to_delete_okta_policy_rule.toml
    #	rules/okta/okta_attempt_to_modify_okta_application.toml
    #	rules/okta/okta_attempt_to_modify_okta_network_zone.toml
    #	rules/okta/okta_attempt_to_modify_okta_policy.toml
    #	rules/okta/okta_attempt_to_modify_okta_policy_rule.toml
    #	rules/okta/okta_attempt_to_modify_or_delete_application_sign_on_policy.toml
    #	rules/okta/okta_threat_detected_by_okta_threatinsight.toml
    #	rules/okta/persistence_administrator_privileges_assigned_to_okta_group.toml
    #	rules/okta/persistence_administrator_role_assigned_to_okta_user.toml
    #	rules/okta/persistence_attempt_to_create_okta_api_token.toml
    #	rules/okta/persistence_attempt_to_deactivate_mfa_for_okta_user_account.toml
    #	rules/okta/persistence_attempt_to_reset_mfa_factors_for_okta_user_account.toml
    #	rules/promotions/elastic_endpoint.toml
    #	rules/promotions/endpoint_adversary_behavior_detected.toml
    #	rules/promotions/endpoint_cred_dumping_detected.toml
    #	rules/promotions/endpoint_cred_dumping_prevented.toml
    #	rules/promotions/endpoint_cred_manipulation_detected.toml
    #	rules/promotions/endpoint_cred_manipulation_prevented.toml
    #	rules/promotions/endpoint_exploit_detected.toml
    #	rules/promotions/endpoint_exploit_prevented.toml
    #	rules/promotions/endpoint_malware_detected.toml
    #	rules/promotions/endpoint_malware_prevented.toml
    #	rules/promotions/endpoint_permission_theft_detected.toml
    #	rules/promotions/endpoint_permission_theft_prevented.toml
    #	rules/promotions/endpoint_process_injection_detected.toml
    #	rules/promotions/endpoint_process_injection_prevented.toml
    #	rules/promotions/endpoint_ransomware_detected.toml
    #	rules/promotions/endpoint_ransomware_prevented.toml
    #	rules/promotions/external_alerts.toml
    #	rules/windows/collection_email_powershell_exchange_mailbox.toml
    #	rules/windows/collection_persistence_powershell_exch_mailbox_activesync_add_device.toml
    #	rules/windows/collection_winrar_encryption.toml
    #	rules/windows/command_and_control_common_webservices.toml
    #	rules/windows/command_and_control_encrypted_channel_freesslcert.toml
    #	rules/windows/command_and_control_remote_file_copy_desktopimgdownldr.toml
    #	rules/windows/command_and_control_remote_file_copy_mpcmdrun.toml
    #	rules/windows/command_and_control_sunburst_c2_activity_detected.toml
    #	rules/windows/command_and_control_teamviewer_remote_file_copy.toml
    #	rules/windows/credential_access_cmdline_dump_tool.toml
    #	rules/windows/credential_access_copy_ntds_sam_volshadowcp_cmdline.toml
    #	rules/windows/credential_access_credential_dumping_msbuild.toml
    #	rules/windows/credential_access_domain_backup_dpapi_private_keys.toml
    #	rules/windows/credential_access_iis_apppoolsa_pwd_appcmd.toml
    #	rules/windows/credential_access_iis_connectionstrings_dumping.toml
    #	rules/windows/credential_access_kerberoasting_unusual_process.toml
    #	rules/windows/credential_access_lsass_memdump_file_created.toml
    #	rules/windows/credential_access_mimikatz_memssp_default_logs.toml
    #	rules/windows/credential_access_mimikatz_powershell_module.toml
    #	rules/windows/defense_evasion_adding_the_hidden_file_attribute_with_via_attribexe.toml
    #	rules/windows/defense_evasion_clearing_windows_event_logs.toml
    #	rules/windows/defense_evasion_code_injection_conhost.toml
    #	rules/windows/defense_evasion_cve_2020_0601.toml
    #	rules/windows/defense_evasion_delete_volume_usn_journal_with_fsutil.toml
    #	rules/windows/defense_evasion_deleting_backup_catalogs_with_wbadmin.toml
    #	rules/windows/defense_evasion_disable_windows_firewall_rules_with_netsh.toml
    #	rules/windows/defense_evasion_dotnet_compiler_parent_process.toml
    #	rules/windows/defense_evasion_enable_inbound_rdp_with_netsh.toml
    #	rules/windows/defense_evasion_encoding_or_decoding_files_via_certutil.toml
    #	rules/windows/defense_evasion_execution_lolbas_wuauclt.toml
    #	rules/windows/defense_evasion_execution_msbuild_started_by_office_app.toml
    #	rules/windows/defense_evasion_execution_msbuild_started_by_script.toml
    #	rules/windows/defense_evasion_execution_msbuild_started_by_system_process.toml
    #	rules/windows/defense_evasion_execution_msbuild_started_renamed.toml
    #	rules/windows/defense_evasion_execution_msbuild_started_unusal_process.toml
    #	rules/windows/defense_evasion_execution_suspicious_explorer_winword.toml
    #	rules/windows/defense_evasion_execution_via_trusted_developer_utilities.toml
    #	rules/windows/defense_evasion_hide_encoded_executable_registry.toml
    #	rules/windows/defense_evasion_iis_httplogging_disabled.toml
    #	rules/windows/defense_evasion_injection_msbuild.toml
    #	rules/windows/defense_evasion_masquerading_as_elastic_endpoint_process.toml
    #	rules/windows/defense_evasion_masquerading_renamed_autoit.toml
    #	rules/windows/defense_evasion_masquerading_suspicious_werfault_childproc.toml
    #	rules/windows/defense_evasion_masquerading_trusted_directory.toml
    #	rules/windows/defense_evasion_modification_of_boot_config.toml
    #	rules/windows/defense_evasion_port_forwarding_added_registry.toml
    #	rules/windows/defense_evasion_scheduledjobs_at_protocol_enabled.toml
    #	rules/windows/defense_evasion_sdelete_like_filename_rename.toml
    #	rules/windows/defense_evasion_solarwinds_backdoor_service_disabled_via_registry.toml
    #	rules/windows/defense_evasion_suspicious_managedcode_host_process.toml
    #	rules/windows/defense_evasion_suspicious_zoom_child_process.toml
    #	rules/windows/defense_evasion_system_critical_proc_abnormal_file_activity.toml
    #	rules/windows/defense_evasion_unusual_dir_ads.toml
    #	rules/windows/defense_evasion_unusual_system_vp_child_program.toml
    #	rules/windows/defense_evasion_via_filter_manager.toml
    #	rules/windows/defense_evasion_volume_shadow_copy_deletion_via_wmic.toml
    #	rules/windows/discovery_adfind_command_activity.toml
    #	rules/windows/discovery_admin_recon.toml
    #	rules/windows/discovery_file_dir_discovery.toml
    #	rules/windows/discovery_net_command_system_account.toml
    #	rules/windows/discovery_net_view.toml
    #	rules/windows/discovery_peripheral_device.toml
    #	rules/windows/discovery_process_discovery_via_tasklist_command.toml
    #	rules/windows/discovery_query_registry_via_reg.toml
    #	rules/windows/discovery_remote_system_discovery_commands_windows.toml
    #	rules/windows/discovery_security_software_wmic.toml
    #	rules/windows/discovery_whoami_command_activity.toml
    #	rules/windows/execution_apt_solarwinds_backdoor_child_cmd_powershell.toml
    #	rules/windows/execution_apt_solarwinds_backdoor_unusual_child_processes.toml
    #	rules/windows/execution_command_shell_started_by_powershell.toml
    #	rules/windows/execution_command_shell_started_by_svchost.toml
    #	rules/windows/execution_command_shell_started_by_unusual_process.toml
    #	rules/windows/execution_command_shell_via_rundll32.toml
    #	rules/windows/execution_from_unusual_directory.toml
    #	rules/windows/execution_from_unusual_path_cmdline.toml
    #	rules/windows/execution_shared_modules_local_sxs_dll.toml
    #	rules/windows/execution_suspicious_cmd_wmi.toml
    #	rules/windows/execution_suspicious_image_load_wmi_ms_office.toml
    #	rules/windows/execution_suspicious_pdf_reader.toml
    #	rules/windows/execution_suspicious_powershell_imgload.toml
    #	rules/windows/execution_suspicious_psexesvc.toml
    #	rules/windows/execution_suspicious_short_program_name.toml
    #	rules/windows/execution_via_compiled_html_file.toml
    #	rules/windows/execution_via_hidden_shell_conhost.toml
    #	rules/windows/execution_via_net_com_assemblies.toml
    #	rules/windows/execution_via_xp_cmdshell_mssql_stored_procedure.toml
    #	rules/windows/impact_volume_shadow_copy_deletion_via_vssadmin.toml
    #	rules/windows/initial_access_script_executing_powershell.toml
    #	rules/windows/initial_access_suspicious_ms_office_child_process.toml
    #	rules/windows/initial_access_suspicious_ms_outlook_child_process.toml
    #	rules/windows/initial_access_unusual_dns_service_children.toml
    #	rules/windows/initial_access_unusual_dns_service_file_writes.toml
    #	rules/windows/initial_access_via_explorer_suspicious_child_parent_args.toml
    #	rules/windows/lateral_movement_dns_server_overflow.toml
    #	rules/windows/lateral_movement_execution_from_tsclient_mup.toml
    #	rules/windows/lateral_movement_local_service_commands.toml
    #	rules/windows/lateral_movement_mount_hidden_or_webdav_share_net.toml
    #	rules/windows/lateral_movement_rdp_enabled_registry.toml
    #	rules/windows/lateral_movement_rdp_tunnel_plink.toml
    #	rules/windows/lateral_movement_remote_file_copy_hidden_share.toml
    #	rules/windows/lateral_movement_suspicious_rdp_client_imageload.toml
    #	rules/windows/lateral_movement_via_startup_folder_rdp_smb.toml
    #	rules/windows/persistence_adobe_hijack_persistence.toml
    #	rules/windows/persistence_appcertdlls_registry.toml
    #	rules/windows/persistence_appinitdlls_registry.toml
    #	rules/windows/persistence_evasion_registry_ifeo_injection.toml
    #	rules/windows/persistence_gpo_schtask_service_creation.toml
    #	rules/windows/persistence_local_scheduled_task_commands.toml
    #	rules/windows/persistence_ms_office_addins_file.toml
    #	rules/windows/persistence_ms_outlook_vba_template.toml
    #	rules/windows/persistence_priv_escalation_via_accessibility_features.toml
    #	rules/windows/persistence_registry_uncommon.toml
    #	rules/windows/persistence_run_key_and_startup_broad.toml
    #	rules/windows/persistence_services_registry.toml
    #	rules/windows/persistence_startup_folder_file_written_by_suspicious_process.toml
    #	rules/windows/persistence_startup_folder_scripts.toml
    #	rules/windows/persistence_suspicious_com_hijack_registry.toml
    #	rules/windows/persistence_suspicious_image_load_scheduled_task_ms_office.toml
    #	rules/windows/persistence_suspicious_scheduled_task_runtime.toml
    #	rules/windows/persistence_suspicious_service_created_registry.toml
    #	rules/windows/persistence_system_shells_via_services.toml
    #	rules/windows/persistence_user_account_creation.toml
    #	rules/windows/persistence_via_application_shimming.toml
    #	rules/windows/persistence_via_hidden_run_key_valuename.toml
    #	rules/windows/persistence_via_lsa_security_support_provider_registry.toml
    #	rules/windows/persistence_via_telemetrycontroller_scheduledtask_hijack.toml
    #	rules/windows/persistence_via_update_orchestrator_service_hijack.toml
    #	rules/windows/persistence_via_windows_management_instrumentation_event_subscription.toml
    #	rules/windows/privilege_escalation_named_pipe_impersonation.toml
    #	rules/windows/privilege_escalation_printspooler_service_suspicious_file.toml
    #	rules/windows/privilege_escalation_printspooler_suspicious_spl_file.toml
    #	rules/windows/privilege_escalation_rogue_windir_environment_var.toml
    #	rules/windows/privilege_escalation_uac_bypass_com_clipup.toml
    #	rules/windows/privilege_escalation_uac_bypass_com_ieinstal.toml
    #	rules/windows/privilege_escalation_uac_bypass_com_interface_icmluautil.toml
    #	rules/windows/privilege_escalation_uac_bypass_diskcleanup_hijack.toml
    #	rules/windows/privilege_escalation_uac_bypass_dll_sideloading.toml
    #	rules/windows/privilege_escalation_uac_bypass_event_viewer.toml
    #	rules/windows/privilege_escalation_uac_bypass_mock_windir.toml
    #	rules/windows/privilege_escalation_uac_bypass_winfw_mmc_hijack.toml
    #	rules/windows/privilege_escalation_unusual_parentchild_relationship.toml
    #	rules/windows/privilege_escalation_unusual_svchost_childproc_childless.toml
    brokensound77 committed Feb 17, 2021 (53b0875)
  3. 4e8fea2

Commits on Feb 18, 2021

  1. 4333efa
  2. 418d3c2