wazuh/wazuh-dashboard-plugins

Change the Endpoint security > Malware detection module filters to "rule.groups is one of rootcheck,virustotal,yara"

Closed this issue · 0 comments

Description

Currently, the Endpoint security > Malware detection module applies the rule.groups:rootcheck filter, but this filter doesn't include some important alerts. We need to modify the implicit filter applied so that rule.groups includes rootcheck,virustotal,yara.
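
The coverage gap between the current and the requested filter, as an added example that is not part of the issue or the plugin's code. It assumes the "is one of" filter is expressed as an OpenSearch `bool`/`should` of `match_phrase` clauses; the helper names, the small evaluator and the sample alerts are constructed for illustration.

```javascript
// Added example (not wazuh-dashboard-plugins code). All names are hypothetical.
const FIELD = 'rule.groups';

// Single-value filter: the shape of the current rule.groups:rootcheck filter.
function phraseQuery(field, value) {
  return { match_phrase: { [field]: value } };
}

// "is one of" filter: any listed value may match (assumed bool/should form).
function isOneOfQuery(field, values) {
  return {
    bool: { should: values.map((v) => phraseQuery(field, v)), minimum_should_match: 1 },
  };
}

// Minimal evaluator for the two query shapes above. An array-valued field
// matches when any of its elements equals the requested value.
function matches(query, doc) {
  if (query.match_phrase) {
    const [field, value] = Object.entries(query.match_phrase)[0];
    const actual = field.split('.').reduce((o, k) => (o == null ? undefined : o[k]), doc);
    return [].concat(actual ?? []).includes(value);
  }
  if (query.bool) {
    const hits = query.bool.should.filter((q) => matches(q, doc)).length;
    return hits >= query.bool.minimum_should_match;
  }
  throw new Error('unsupported query clause');
}

// Constructed alerts: only the field the filter inspects is populated.
const alerts = [
  { id: 'a1', rule: { groups: ['ossec', 'rootcheck'] } },
  { id: 'a2', rule: { groups: ['virustotal'] } },
  { id: 'a3', rule: { groups: ['yara'] } },
  { id: 'a4', rule: { groups: ['syscheck'] } },
];

const currentFilter = phraseQuery(FIELD, 'rootcheck');
const proposedFilter = isOneOfQuery(FIELD, ['rootcheck', 'virustotal', 'yara']);

function selectIds(query) {
  return alerts.filter((a) => matches(query, a)).map((a) => a.id);
}

// Alerts the module would show with the proposed filter but hides today.
function missedByCurrent() {
  const shown = new Set(selectIds(currentFilter));
  return selectIds(proposedFilter).filter((id) => !shown.has(id));
}

console.log('hidden by current filter:', missedByCurrent());
```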