@ashwin-patil
Member

Required items, please complete

Change(s):

  • Issue Templated rule - MFA Rejected by User generating false positives #11142
  • Update the threshold filter based on risk score on a scale of 0-10 instead of summarized score
  • Joining the behavioral analytics table on both IP and user so as to only return context associated with the flagged user.
  • In the summarize, consider the max score of failed logons instead of summarizing.
  • Column renaming and entity changes.

Reason for Change(s):

  • Fixing customer reported bug.
  • Incorrect threshold logic to reduce FPs or noise.

Version Updated:

  • Required only for Detections/Analytic Rule templates
  • See guidance below

Testing Completed:

  • See guidance below

Checked that the validations are passing and have addressed any issues that are present:

  • See guidance below

@ashwin-patil ashwin-patil requested review from a team as code owners December 17, 2024 04:32
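
The effect of the three logic changes listed in the description, modeled in Python over constructed records. This is an added illustration, not the rule's KQL and not code from this pull request; the field names, scores, the threshold of 5 and the assumption that the earlier join used IP only are all assumptions.

```python
# Added illustration; field names, scores and THRESHOLD are constructed assumptions.
from collections import defaultdict

THRESHOLD = 5  # assumed cut-off on the 0-10 risk scale

# Constructed MFA-rejection sign-in events (user, source IP).
REJECTIONS = [
    {"user": "alice@example.test", "ip": "203.0.113.10"},
    {"user": "bob@example.test", "ip": "198.51.100.7"},
]

# Constructed behavioral-analytics rows: one 0-10 risk score per failed logon.
ANALYTICS = [
    {"user": "alice@example.test", "ip": "203.0.113.10", "score": 2},
    {"user": "alice@example.test", "ip": "203.0.113.10", "score": 3},
    {"user": "alice@example.test", "ip": "203.0.113.10", "score": 2},
    {"user": "carol@example.test", "ip": "203.0.113.10", "score": 9},  # shared IP, other user
    {"user": "bob@example.test", "ip": "198.51.100.7", "score": 8},
    {"user": "bob@example.test", "ip": "198.51.100.7", "score": 1},
]

def flagged(join_keys, aggregate):
    """Return {user: score} for rejections whose aggregated score >= THRESHOLD."""
    scores = defaultdict(list)
    for row in ANALYTICS:
        scores[tuple(row[k] for k in join_keys)].append(row["score"])
    hits = {}
    for ev in REJECTIONS:
        matched = scores.get(tuple(ev[k] for k in join_keys), [])
        if matched and aggregate(matched) >= THRESHOLD:
            hits[ev["user"]] = aggregate(matched)
    return hits

def old_logic():
    # Join on IP only, then sum the scores: the total leaves the 0-10 scale
    # and absorbs another user's activity from the same address.
    return flagged(("ip",), sum)

def new_logic():
    # Join on IP and user, then keep the highest single score.
    return flagged(("ip", "user"), max)

if __name__ == "__main__":
    print("old:", old_logic())
    print("new:", new_logic())
```

With this data, the summed IP-only variant flags alice with a score of 16 even though none of her own failed logons scores above 3, while the per-user maximum flags only bob.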
@contentautomationbot

Hello, how are you? I am a GitHub bot 😀😀
I see that you changed templates under the detections/analytic rules folder. Did you remember to update the version of the templates you changed?
If not, and if you want customers to be aware that a new version of this template is available, please update the version property of the template you changed.

@v-prasadboke v-prasadboke self-assigned this Dec 17, 2024
@v-prasadboke v-prasadboke added the Solution Solution specialty review needed label Dec 17, 2024
@v-atulyadav v-atulyadav merged commit 06e1643 into master Dec 19, 2024
51 checks passed
Labels

Content-Package Solution Solution specialty review needed

Successfully merging this pull request may close these issues.

Templated rule - MFA Rejected by User generating false positives