rules_export.ndjson

{"id":"957b94f0-3eed-4c74-bb7c-e6c3b564cbca","updated_at":"2025-03-07T23:17:44.789Z","updated_by":"1408390652","created_at":"2025-03-07T00:04:58.300Z","created_by":"1408390652","name":"Alerts to observe nmap and nikto","tags":[],"interval":"5m","enabled":true,"revision":1,"description":"Detects the nmap and nikto","risk_score":21,"severity":"low","license":"","output_index":"","meta":{"from":"1m","kibana_siem_app_url":"https://c8529206cde54dcdb49b614359fa852c.us-central1.gcp.cloud.es.io/app/security"},"author":[],"false_positives":[],"from":"now-360s","rule_id":"06283e90-30d7-49ec-898f-3b1c9f619f1d","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[{"framework":"MITRE ATT&CK","tactic":{"id":"TA0007","name":"Discovery","reference":"https://attack.mitre.org/tactics/TA0007"},"technique":[{"id":"T1046","name":"Network Service Discovery","reference":"https://attack.mitre.org/techniques/T1046","subtechnique":[]}]}],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"rule_source":{"type":"internal"},"related_integrations":[],"required_fields":[],"setup":"","type":"query","language":"kuery","index":["apm-*-transaction*","auditbeat-*","endgame-*","filebeat-*","logs-*","packetbeat-*","traces-apm*","winlogbeat-*","-*elastic-cloud-logs-*"],"query":"event.dataset:zeek.http and user_agent.original:*Nmap* or user_agent.original:*Nikto*","filters":[],"alert_suppression":{"group_by":["destination.address"],"missing_fields_strategy":"suppress"},"actions":[]}
{"exported_count":1,"exported_rules_count":1,"missing_rules":[],"missing_rules_count":0,"exported_exception_list_count":0,"exported_exception_list_item_count":0,"missing_exception_list_item_count":0,"missing_exception_list_items":[],"missing_exception_lists":[],"missing_exception_lists_count":0,"exported_action_connector_count":0,"missing_action_connection_count":0,"missing_action_connections":[],"excluded_action_connection_count":0,"excluded_action_connections":[]}