From 8e38626795a1c8ade822fd00e336e9998d4977dc Mon Sep 17 00:00:00 2001 From: ben-githubs <38414634+ben-githubs@users.noreply.github.com> Date: Mon, 9 Dec 2024 13:55:35 -0600 Subject: [PATCH] Fix Dedup Period for Crowdstrike.Detection.passthrough (#1445) --- rules/crowdstrike_rules/crowdstrike_detection_passthrough.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/crowdstrike_rules/crowdstrike_detection_passthrough.yml b/rules/crowdstrike_rules/crowdstrike_detection_passthrough.yml index ce182e8d3..9e305b4fd 100644 --- a/rules/crowdstrike_rules/crowdstrike_detection_passthrough.yml +++ b/rules/crowdstrike_rules/crowdstrike_detection_passthrough.yml @@ -12,7 +12,7 @@ Tags: Description: Crowdstrike Falcon has detected malicious activity on a host. Runbook: Follow the Falcon console link and follow the IR process as needed. Reference: https://www.crowdstrike.com/blog/tech-center/hunt-threat-activity-falcon-endpoint-protection/ -DedupPeriodMinutes: 0 +DedupPeriodMinutes: 60 SummaryAttributes: - p_any_ip_addresses Tests: