updating detection

patel-bhavin · patel-bhavin · commit aba0bdc4d327 · 2025-02-20T14:47:37.000-08:00
diff --git a/detections/application/cisco_ai_defense_security_alerts.yml b/detections/application/cisco_ai_defense_security_alerts.yml
@@ -34,7 +34,8 @@ search: |-
         severity="medium", 50,
         severity="low", 25
     )
-    | table model.model_name, user_id, event_action, application_id, application_name, severity, risk_score, policy_name, connection_name, guardrail_ruleset_type, guardrail_entity_name |`cisco_ai_defense_security_alerts_filter`'
+    | table model.model_name, user_id, event_action, application_id, application_name, severity, risk_score, policy_name, connection_name, guardrail_ruleset_type, guardrail_entity_name 
+    |`cisco_ai_defense_security_alerts_filter`'
 how_to_implement: To enable this detection, you need to ingest alerts from the Cisco AI Defense product. This can be done by using this app from splunkbase - Cisco Security Cloud and ingest alerts into the cisco:ai:defense sourcetype.
 known_false_positives: False positives may vary based on Cisco AI Defense configuration; monitor and filter out the alerts that are not relevant to your environment.
 references:
