Skip to content

Commit

Permalink
Fix Dedup Period for Crowdstrike.Detection.passthrough (panther-labs#…
Browse files Browse the repository at this point in the history 
…1445)
  • Loading branch information
@ben-githubs
ben-githubs authored Dec 9, 2024
1 parent f8f7890 commit 8e38626
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion rules/crowdstrike_rules/crowdstrike_detection_passthrough.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ Tags:
Description: Crowdstrike Falcon has detected malicious activity on a host.
Runbook: Follow the Falcon console link and follow the IR process as needed.
Reference: https://www.crowdstrike.com/blog/tech-center/hunt-threat-activity-falcon-endpoint-protection/
DedupPeriodMinutes: 0
DedupPeriodMinutes: 60
SummaryAttributes:
- p_any_ip_addresses
Tests:
Expand Down

0 comments on commit 8e38626

Please sign in to comment.