Update misnamed eventid #3144
of datasources. This was mostly removing spaces to convert "Sysmon Event ID N" to "Sysmon EventID N". Also fix some ymls that used the field "data_sources" when it should be "data_source".
LGTM-
Failing CI jobs are currently unavoidable.
Does the change in detections/application/windows_ad_privileged_group_modification.yml require a version bump?
Yes, nice catch! In fact this IS caught by the version-checking, it's just obfuscated by the other error on missing non-public content.
A number of YMLs had issues around the data_source object(s) in the YMLs.
Either the wrong names were used for Sysmon EventID (a space was accidentally included), the key in the YML was data_sources instead of data_source, or other minor issues. This PR should resolve those issues.
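A minimal check for the two problems this PR describes, as an added example that is not part of the PR or the project's own tooling. The sample YML is constructed, and the line-based matching assumes the key sits at the top level of the file.

```python
import re

# Constructed sample detection file (not taken from the repository).
SAMPLE_YML = """\
name: Constructed Example Detection
version: 3
data_sources:
- Sysmon Event ID 1
- Sysmon EventID 11
"""

# Top-level key written in the plural form the PR says is wrong.
WRONG_KEY = re.compile(r"^data_sources(\s*:)", re.MULTILINE)
# Data source name with the accidental spaces: "Sysmon Event ID N".
SPACED_ID = re.compile(r"\bSysmon Event ID (\d+)\b")


def lint(text):
    """Return (line_number, message) findings for one YML file's text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if WRONG_KEY.match(line):
            findings.append((lineno, "key 'data_sources' should be 'data_source'"))
        m = SPACED_ID.search(line)
        if m:
            n = m.group(1)
            findings.append(
                (lineno, f"'Sysmon Event ID {n}' should be 'Sysmon EventID {n}'")
            )
    return findings


def fix(text):
    """Apply both renames. The 'version' field is left alone, so a version
    bump (raised in the review above) still has to be made by hand."""
    text = WRONG_KEY.sub(r"data_source\1", text)
    return SPACED_ID.sub(r"Sysmon EventID \1", text)


if __name__ == "__main__":
    for lineno, msg in lint(SAMPLE_YML):
        print(f"line {lineno}: {msg}")
    print(fix(SAMPLE_YML))
```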