# Alert rule template; the keys (alert, index, realert, type, filter) follow the
# ElastAlert rule format. The "{{ GLOBALS.url_base }}" expressions are template
# placeholders that must be rendered before the file is parsed as YAML.
# Several fields are blank and are presumably filled in per play by whatever
# renders this template; confirm against the consumer.

# Alerter class that receives every match produced by this rule.
alert:
  - "modules.so.playbook-es.PlaybookESAlerter"

# Destination host and port used by the alerter. No URL scheme, TLS option or
# credentials are set in this file.
# NOTE(review): confirm transport security and authentication are configured
# in the alerter or in the global configuration.
elasticsearch_host: "{{ GLOBALS.url_base }}:9200"

# Play metadata attached to each alert. The empty strings and the two bare
# keys below (which parse as null) look like slots filled in at render time.
play_title: ""
play_id: ""
event.module: "playbook"
event.dataset: "alert"
event.severity:
rule.category:
play_url: "https://{{ GLOBALS.url_base }}/playbook/issues/6000"

# Analyst pivot links. "{[_id]}" appears to be a placeholder that the alerter
# replaces with the matched document's _id.
# NOTE(review): the substituted value lands inside a URL and a Lucene query;
# verify the alerter encodes it before building the link.
kibana_pivot: "https://{{ GLOBALS.url_base }}/kibana/app/kibana#/discover?_g=()&_a=(columns:!(_source),interval:auto,query:(language:lucene,query:'_id:{[_id]}'),sort:!('@timestamp',desc))"
soc_pivot: "https://{{ GLOBALS.url_base }}/#/hunt"
sigma_level: ""

# Wildcard index pattern: the rule queries every index whose name starts with
# ".ds-logs-".
index: '.ds-logs-*'

# Static rule name. ElastAlert requires rule names to be unique, so this is
# presumably replaced when the template is instantiated; verify.
name: EQL
priority: 3

# realert of 0 minutes disables alert suppression, and type "any" turns every
# document returned by the filter into a match, so alert volume is bounded
# only by how selective the filter is.
realert:
  minutes: 0
type: any

# No filter value is present in this template. A rule loaded with this left
# empty would have nothing narrowing the ".ds-logs-*" query.
# NOTE(review): confirm the renderer always supplies the detection query.
filter: