[Security Solution][Detections] Indicator match rule mappings are not validated during creation #93589
Labels
bug
Fixes for quality problems that affect the customer experience
documentation
Feature:Indicator Match Rule
Security Solution Indicator Match Rule feature
Feature:Rule Creation
Security Solution Detection Rule Creation
impact:medium
Addressing this issue will have a medium level of impact on the quality/strength of our product.
Team:Detection Engine
Security Solution Detection Engine Area
Team:Detections and Resp
Security Detection Response Team
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
Describe the bug:
keyword. However, some of the values represented are IPs. If you want to match your ingested data that contains IPs with the domain indicator, the execution of the rule will fail.
Kibana/Elasticsearch Stack version:
Preconditions:
Steps to reproduce:
*:*
file*
destination.ip MATCHES threatintel.indicator.domain
*:*
10s
300000h
Current behavior:
Expected behavior:
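A pre-creation check of the kind the issue title asks for, as an added example that is not part of the original issue and is not Kibana's code: it compares the Elasticsearch type of each event field with the type of the indicator field it is matched against, and reports pairs such as `destination.ip MATCHES threatintel.indicator.domain`. The function names, the type-family table and the sample mappings are assumptions constructed for illustration.

```typescript
// Added example, not Kibana code: every name below is hypothetical.
type FieldTypes = Record<string, string>; // field name -> Elasticsearch type
interface MappingEntry { field: string; value: string } // event field MATCHES indicator field
interface MappingProblem { entry: MappingEntry; reason: string }

// Assumption: types in the same family can be compared term-for-term.
const TYPE_FAMILY: Record<string, string> = {
  keyword: "string", constant_keyword: "string", wildcard: "string",
  ip: "ip",
  long: "number", integer: "number", short: "number", byte: "number",
  double: "number", float: "number",
  date: "date", date_nanos: "date",
  boolean: "boolean",
};

function familyOf(esType: string): string {
  return TYPE_FAMILY[esType] || esType; // unknown types only match themselves
}

function validateThreatMapping(
  entries: MappingEntry[],
  eventTypes: FieldTypes,
  indicatorTypes: FieldTypes,
): MappingProblem[] {
  const problems: MappingProblem[] = [];
  for (const entry of entries) {
    const eventType: string | undefined = eventTypes[entry.field];
    const indicatorType: string | undefined = indicatorTypes[entry.value];
    if (eventType === undefined || indicatorType === undefined) {
      const missing = eventType === undefined ? entry.field : entry.value;
      problems.push({ entry, reason: `${missing} has no mapping` });
    } else if (familyOf(eventType) !== familyOf(indicatorType)) {
      problems.push({ entry, reason: `${entry.field} is ${eventType} but ${entry.value} is ${indicatorType}` });
    }
  }
  return problems;
}

// Constructed sample mappings; in practice they would be read from each index pattern.
const SAMPLE_EVENT_TYPES: FieldTypes = { "destination.ip": "ip", "dns.question.name": "keyword" };
const SAMPLE_INDICATOR_TYPES: FieldTypes = { "threatintel.indicator.domain": "keyword", "threatintel.indicator.ip": "ip" };
const SAMPLE_ENTRIES: MappingEntry[] = [
  { field: "destination.ip", value: "threatintel.indicator.domain" }, // the mapping from the report
  { field: "destination.ip", value: "threatintel.indicator.ip" },
  { field: "dns.question.name", value: "threatintel.indicator.domain" },
  { field: "source.ip", value: "threatintel.indicator.ip" }, // absent from the sample event mapping
];
const sampleProblems = validateThreatMapping(SAMPLE_ENTRIES, SAMPLE_EVENT_TYPES, SAMPLE_INDICATOR_TYPES);
```

Running such a check when the rule is saved surfaces the type mismatch as a form error rather than as a failed rule execution later.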