Commit
[Security Solution][Endpoint] Fix index name pattern in SentinelOne dev. script (elastic#174105)

## Summary

- Corrects index name pattern for S1 alerts in the SIEM Rule that the
SentinelOne dev script uses

🤦
paul-tavares authored Jan 2, 2024
1 parent b0c6cc9 commit ce71d12
Showing 1 changed file with 1 addition and 1 deletion.
@@ -265,7 +265,7 @@ export const createDetectionEngineSentinelOneRuleIfNeeded = async (
log: ToolingLog
): Promise<RuleResponse> => {
const ruleName = 'Promote SentinelOne alerts';
const sentinelOneAlertsIndexPattern = 'logs-sentinel_one.alert';
const sentinelOneAlertsIndexPattern = 'logs-sentinel_one.alert*';
const ruleQueryValue = 'observer.serial_number:*';

const { data } = await findRules(kbnClient, {
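Review bot: The new value 'logs-sentinel_one.alert*' is an open-ended prefix match, and the tighter form 'logs-sentinel_one.alert-*' would express the intent more precisely: Elastic data streams are named logs-<dataset>-<namespace>, so the namespaced SentinelOne alert streams only match once a wildcard is present, and requiring the '-' separator keeps any other index that merely starts with the same prefix out of the rule. Separately, the surrounding function is `createDetectionEngineSentinelOneRuleIfNeeded` and it looks the rule up with `findRules(kbnClient, {` before creating it, so a developer who already ran the script with the old exact-name pattern will keep the stale rule; it would be worth either updating the existing rule's index pattern when it is found, or noting in the summary that the old rule must be deleted for this fix to take effect.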