Open
Description
Epic Link
https://github.com/elastic/ia-trade-team/issues/609
Meta Summary
To help analysts reduce the time spent on manual severity analysis, we should reconsider the default severity of every detection rule based on observed false-positive rates and subject-matter knowledge. This meta issue will be used to analyze the Linux detection ruleset and to improve the rules, their severity levels, their descriptions, and their setup guides, so that investigators are better supported when investigating Linux alerts.
Items to consider:
- Rule name + description
- Setup guide (for Auditd/FIM rules)
- Rule severity