From 0380e7c714a65b4c8e1714188685d35d0d5e546c Mon Sep 17 00:00:00 2001
From: mikiodehartj1 <113941652+mikiodehartj1@users.noreply.github.com>
Date: Wed, 10 Apr 2024 15:01:34 -0600
Subject: [PATCH] Update cyberark-epm-misconfigurations.json
---
 rule-packs/cyberark-epm-misconfigurations.json | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/rule-packs/cyberark-epm-misconfigurations.json b/rule-packs/cyberark-epm-misconfigurations.json
index 579baee..74031dc 100644
--- a/rule-packs/cyberark-epm-misconfigurations.json
+++ b/rule-packs/cyberark-epm-misconfigurations.json
@@ -1,31 +1,31 @@
 [
 {
- "name": "cyberark-epm-application-control",
- "description": "This query will look for applications that were installed before the EPM agent.",
+ "name": "cyberark-epm-blocked-applications",
+ "description": "This query will look for applications that have an unsatisfactory status.",
 "queries": [
 {
 "name": "query0",
- "query": "FIND cyberark_epm_applicationgroup as ag with ag.startOn > cyberark_epm_hostagent startOn",
+ "query": "FIND cyberark_epm_applicationgroup with status != 'OK'",
 "version": "v1"
 }
 ],
 "alertLevel": "MEDIUM"
 },
 {
- "name": "cyberark-epm-blocked-applications",
- "description": "This query will look for applications that have an unsatisfactory status.",
+ "name": "cyberark-epm-application-groups-with-no-policy",
+ "description": "This query will look for application groups that have no policy associated.",
 "queries": [
 {
 "name": "query0",
- "query": "FIND cyberark_epm_applicationgroup with status != 'OK'",
+ "query": "FIND cyberark_epm_applicationgroup THAT !ENFORCES << cyberark_epm_policy",
 "version": "v1"
 }
 ],
 "alertLevel": "MEDIUM"
 },
- {
- "name": "cyberark-epm-application-groups-with-no-policy",
- "description": "This query will look for application groups that have no policy associated.",
+ {
+ "name": "cyberark-epm-service-with-no-policy",
+ "description": "This query will look for services that have no policy associated.",
 "queries": [
 {
 "name": "query0",
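Review bot: The renamed third rule, `cyberark-epm-service-with-no-policy`, appears to keep its `query` line unchanged: the hunk ends at `"name": "query0",` and all 9 insertions in the diffstat are accounted for above it, so the query that previously ran under `cyberark-epm-application-groups-with-no-policy` now fires under a service-oriented name and description. Confirm that the query on the line after the hunk really selects the service entity and not `cyberark_epm_applicationgroup`; otherwise the alert will misdescribe what it matched and mislead triage. Separately, the first rule's description says "applications" while its query matches `cyberark_epm_applicationgroup`, so `"description": "This query will look for application groups whose status is not 'OK'."` would be more accurate. The commit message also gives no reason for dropping the `cyberark-epm-application-control` check instead of repairing it, which leaves that coverage gap undocumented.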