Skip to content

Commit 8762f83

Browse files
SamirbousMikaayenson
Samirbous
and
Mikaayenson
authored
Update rules/cross-platform/multiple_alerts_from_different_modules_by_user.toml
Co-authored-by: Mika Ayenson, PhD <[email protected]>
1 parent 0ff7c02 commit 8762f83

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

rules/cross-platform/multiple_alerts_from_different_modules_by_user.toml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -40,7 +40,7 @@ from .alerts-security.* metadata _id
4040
Esql.message_values = VALUES(message),
4141
Esql.event_category_values = VALUES(event.category),
4242
Esql.source_ip_values = VALUES(source.ip),
43-
Esql.source_ip_values = VALUES(destination.ip),
43+
Esql.destination_ip_values = VALUES(destination.ip),
4444
Esql.host_id_values = VALUES(host.id),
4545
Esql.agent_id_values = VALUES(agent.id),
4646
Esql.user_id_values = VALUES(user.id),

0 commit comments

Comments
 (0)