79265141

Date: 2024-12-09 13:30:59
Score: 4.5
Natty:
Report link

I solve the problem, but I don't know why this happened.

".siem-signals-default" Refresh or clear cache of this index is not enough to solve the problem. I need to Flush the index. and set the Indicator index query to @timestamp >= "now-1h" or a time after flushing the index.

But why is this happening.

Reasons:
  • Blacklisted phrase (0.5): I need
  • RegEx Blacklisted phrase (0.5): why is this
  • Low length (0.5):
  • No code block (0.5):
  • User mentioned (1): @timestamp
  • Self-answer (0.5):
  • Low reputation (1):
Posted by: Majid Mortazavi