Skip to content

Commit 4a8a5dc

Browse files
SamirbousSamirbous
committed
Update credential_access_multi_could_secrets_via_api.toml
1 parent 0985d09 commit 4a8a5dc

File tree

1 file changed

+1
-0
lines changed

1 file changed

+1
-0
lines changed

rules/cross-platform/credential_access_multi_could_secrets_via_api.toml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -137,6 +137,7 @@ FROM logs-* metadata _id, _version, _index
137137
Esql.users = VALUES(user.name)
138138
BY source.ip
139139
| WHERE Esql.dc_dataset >= 2
140+
| Keep source.ip, Esql.dc_dataset, Esql.users
140141
'''
141142

142143

0 commit comments

Comments
 (0)