Update 200850-crowdstrike.xml

socfortress · Aug 29, 2022 · 26236db · 26236db
1 parent 52a4ec1
commit 26236db
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/Crowdstrike/200850-crowdstrike.xml b/Crowdstrike/200850-crowdstrike.xml
@@ -1,6 +1,7 @@
 <group name="crowdstrike,siemconnector">
   <rule id="200850" level="5">
     <field name="metadata.customerIDString">\.+</field>
+    <options>no_full_log</options>
     <description>CrowdStrike Alert - $(event.OperationName)</description>
   </rule>
   <rule id="200851" level="1">
@@ -16,6 +17,7 @@
   <rule id="200853" level="8">
     <if_sid>200850</if_sid>
     <field name="event.Severity">\.+</field>
+    <options>no_full_log</options>
     <description>CrowdStrike Alert - $(event.DetectDescription)</description>
   </rule>
 </group>