Update defense_evasion_potential_http_downgrade_attack.toml

Aegrah · web-flow · commit 4dc9b5274616 · 2025-12-04T15:39:22.000+01:00
diff --git a/rules/cross-platform/defense_evasion_potential_http_downgrade_attack.toml b/rules/cross-platform/defense_evasion_potential_http_downgrade_attack.toml
@@ -1,6 +1,6 @@
 [metadata]
 creation_date = "2025/11/27"
-integration = ["nginx", "apache", "apache_tomcat", "network_traffic"]
+integration = ["nginx", "apache", "apache_tomcat"]
 maturity = "production"
 updated_date = "2025/11/27"
 
@@ -16,8 +16,6 @@ the older protocol versions.
 """
 from = "now-9m"
 index = [
-        "logs-network_traffic.http-*",
-        "logs-network_traffic.tls-*",
         "logs-nginx.access-*",
         "logs-apache.access-*",
         "logs-apache_tomcat.access-*",
@@ -32,7 +30,6 @@ tags = [
     "Domain: Web",
     "Use Case: Threat Detection",
     "Tactic: Defense Evasion",
-    "Data Source: Network Packet Capture",
     "Data Source: Nginx",
     "Data Source: Apache",
     "Data Source: Apache Tomcat",
