[SIEM] Detection Fix typo in Adobe Hijack Persistence rule #58804

nicpenning · 2020-02-28T00:21:59Z

Fixes #58803

Summary

Summarize your PR. If it involves visual changes include a screenshot or gif.

Checklist

Delete any items that are not applicable to this PR.

For maintainers

This was checked for breaking API changes and was labeled appropriately

Fixes #58803

kibanamachine · 2020-02-28T00:22:01Z

Since this is a community submitted pull request, a Jenkins build has not been kicked off automatically. Can an Elastic organization member please verify the contents of this patch and then kick off a build manually?

cla-checker-service · 2020-02-28T00:22:03Z

💚 CLA has been signed

TinaHeiligers · 2020-02-28T00:34:18Z

❌ Author of the following commits did not sign a Contributor Agreement:
7333864

Please, read and sign the above mentioned agreement if you want to contribute to this project

@nicpenning please read and sign the contributor agreement. Thanks!

elasticmachine · 2020-02-28T06:55:42Z

Pinging @elastic/siem (Team:SIEM)

FrankHassanabad

Change the version number and you will be good to go here.

...s/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_adobe_hijack_persistence.json

nicpenning

I updated the version from 1 to 2.

FrankHassanabad · 2020-02-28T16:27:43Z

Gave this a test run:

I see this now with the version bump on the UI:

And then I see this after I install it:

So I think we are good here. 👍 , thank you for the fix

brokensound77

Nice find!

LGTM 👍

FrankHassanabad

Checked out the code, test ran it in a local development environment and it looks like the rule updates as expected.

kibanamachine · 2020-03-01T17:23:25Z

💚 Build Succeeded

continuous-integration/kibana-ci/pull-request
Commit: 44d125e

History

💔 Build #29928 failed a679619
💔 Build #29925 failed 7fe771a
💔 Build #29912 failed 8416883
💔 Build #29904 failed 49f5510
💔 Build #29886 failed a378fff

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

…8804) Fixes elastic#58803

* upstream/master: [SIEM] Detection Fix typo in Adobe Hijack Persistence rule (elastic#58804)

…dex-server-side * 'master' of github.com:elastic/kibana: (34 commits) [Upgrade Assistant] Remove "boom" from reindex service (elastic#58715) [data] Clean up QueryStringInput unit tests (elastic#58704) [SIEM] Detection Fix typo in Adobe Hijack Persistence rule (elastic#58804) Restores [SIEM][CASE] Init Configure Case Page (elastic#58121) (elastic#58924) Skips additional failing Ingest Manager integration tests Skips failing Ingest Manager integration tests Move dev tools styles to NP (elastic#58855) change to have kibana --ssl cli option use more recent certs (elastic#57933) disable failing suite (elastic#58942) Don't start pollEsNodesVersion unless someone subscribes (elastic#56923) Do not write UUID file during optimize process (elastic#58899) [Endpoint] Task/add nav bar (elastic#58604) [Metric Alerts] Add backend support for multiple expressions per alert (elastic#58672) [Metrics Alerts] Fix alerting on a rate aggregation (elastic#58789) disable flaky suite (elastic#55953) Revert "[SIEM] apollo@3 (elastic#51926)" and "[SIEM][CASE] Init Confi… (elastic#58806) [resubmit] Prep agg types for new platform (elastic#58893) [Lens] Allow number formatting within Lens (elastic#56253) [Autocomplete] Use settings from config rather than UI settings (elastic#58784) Improve action and trigger types (elastic#58657) ... # Conflicts: # x-pack/plugins/upgrade_assistant/server/routes/reindex_indices/reindex_indices.ts

…58993) Fixes #58803 Co-authored-by: Nic <nicpenning@hotmail.com>

…58992) Fixes #58803 Co-authored-by: Nic <nicpenning@hotmail.com>

Remove an extra e in msiexec.exe

7333864

Fixes #58803

nicpenning changed the title ~~Remove an extra e in msiexec.exe~~ [SIEM] Detection Fix typo in Adobe Hijack Persistence rule Feb 28, 2020

TinaHeiligers requested a review from a team February 28, 2020 00:35

kobelb requested review from FrankHassanabad and removed request for a team February 28, 2020 04:24

timroes added the Team:SIEM label Feb 28, 2020

FrankHassanabad added v8.0.0 v7.6.2 release_note:fix labels Feb 28, 2020

FrankHassanabad suggested changes Feb 28, 2020

View reviewed changes

...s/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_adobe_hijack_persistence.json Show resolved Hide resolved

FrankHassanabad self-assigned this Feb 28, 2020

FrankHassanabad added the v7.7.0 label Feb 28, 2020

Update to version 2

77fd869

nicpenning commented Feb 28, 2020

View reviewed changes

brokensound77 approved these changes Feb 28, 2020

View reviewed changes

FrankHassanabad approved these changes Feb 28, 2020

View reviewed changes