Merge pull request #1384 from Yamato-Security/1375-agg-condition-rule-not-count-up

fix: count up `Event with hits` when aggregation/correlation rule
YamatoSecurity authored Jul 15, 2024
2 parents 95ee553 + 62454b9 commit 25c1200
Showing 8 changed files with 313 additions and 254 deletions.
5 changes: 5 additions & 0 deletions CHANGELOG-Japanese.md
@@ -12,6 +12,11 @@
- `Data`フィールドは、すべて`Data`フィールドとして、またはJSONの配列としてではなく、インデックス化された文字列として表示されるようになった。(#1371) (@fukusuket)
- 前: `"Data": ["17514", "Multiprocessor Free", "Service Pack 1"]`
- 後: `"Data[3]": "17514", "Data[4]": "Multiprocessor Free", "Data[5]": "Service Pack 1"`
- 集計ルールのアラートに、複数の結果がある場合でも`Channel``EventID`の情報が表示されるようにした。 (#1342) (@fukusuket)

**バグ修正:**
- Sigmaの相関ルールのカウントが`Events with hits`に表示されていなかった。(#1373) (@fukusuket)
- 集計ルールのカウントが`Events with hits`に表示されていなかった。(#1375) (@fukusuket)

## 2.16.0 [2024/06/11]

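Review bot: the `#1342` entry in this hunk runs the two code spans together as `Channel``EventID` with no connective between them, so it does not read as "Channel and EventID" the way the English changelog entry does; insert a particle or comma, e.g. `Channel`と`EventID`の情報が表示されるようにした。 The two new entries under **バグ修正:** for #1373 and #1375 otherwise line up one-to-one with the English CHANGELOG.md entries.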
5 changes: 5 additions & 0 deletions CHANGELOG.md
@@ -12,6 +12,11 @@
- `Data` fields are now displayed as indexed strings instead of as all `Data` fields or in an array for JSON. (#1371) (@fukusuket)
- Before: `"Data": ["17514", "Multiprocessor Free", "Service Pack 1"]`
- After: `"Data[3]": "17514", "Data[4]": "Multiprocessor Free", "Data[5]": "Service Pack 1"`
- Aggregation rule alerts now show `Channel` and `EventID` information even when there are multiple results. (#1342) (@fukusuket)

**Bug Fixes:**
- Sigma correlation rule count was not showing up in `Events with hits`. (#1373) (@fukusuket)
- Aggregation condition rule count was not showing up in `Events with hits`. (#1375) (@fukusuket)

## 2.16.0 [2024/06/11]

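Review bot: the two lines under **Bug Fixes:** name the summary column `Events with hits`, while the merge commit's own description says `Event with hits`; pick whichever string the tool actually prints so that a reader searching the changelog against the output finds it. It would also help to say what the user saw, since "count was not showing up" leaves open whether the column was blank or just too low; the commit title ("count up ... when aggregation/correlation rule") suggests the total simply excluded hits from those rules, e.g. "Hits from Sigma correlation rules were not included in the `Events with hits` total. (#1373)". The #1342 entry above is consistent with its Japanese counterpart.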