{
  "author": [
    "Elastic"
  ],
  "description": "Elastic Endgame detected an Adversary Behavior. Click the Elastic Endgame icon in the event.module column or the link in the rule.reference column for additional information.",
  "from": "now-15m",
  "index": [
    "endgame-*"
  ],
  "interval": "10m",
  "language": "kuery",
  "license": "Elastic License v2",
  "name": "Adversary Behavior - Detected - Elastic Endgame",
  "query": "event.kind:alert and event.module:endgame and (event.action:rules_engine_event or endgame.event_subtype_full:rules_engine_event)\n",
  "risk_score": 47,
  "rule_id": "77a3c3df-8ec4-4da4-b758-878f551dee69",
  "severity": "medium",
  "tags": [
    "Elastic",
    "Elastic Endgame"
  ],
  "type": "query",
  "version": 6
}