{"id":"77260f65-d17e-468b-8fe9-305048404e95","updated_at":"2024-07-01T17:50:10.160Z","updated_by":"3610252053","created_at":"2024-07-01T17:49:37.594Z","created_by":"3610252053","name":"Test Exception List","tags":[],"interval":"5h","enabled":true,"revision":1,"description":"Test Exception List","risk_score":21,"severity":"low","license":"","output_index":"","meta":{"from":"1m","kibana_siem_app_url":"https://dev-deployment-2c684a.kb.us-central1.gcp.cloud.es.io:9243/app/security"},"author":["Elastic"],"false_positives":[],"from":"now-18060s","rule_id":"7c22a9d2-5910-4da2-92af-7ff7481bd0f7","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[{"id":"222e1466-6dee-49ed-bb40-b7791891dc90","list_id":"ad78032a-6730-44c1-8ec3-129ff1dc2ad9","type":"rule_default","namespace_type":"single"}],"immutable":false,"related_integrations":[],"required_fields":[],"setup":"","type":"eql","language":"eql","index":["apm-*-transaction*","auditbeat-*","endgame-*","filebeat-*","logs-*","packetbeat-*","traces-apm*","winlogbeat-*","-*elastic-cloud-logs-*"],"query":"process where true","filters":[],"actions":[]}
{"_version":"WzQ3NTYzLDJd","created_at":"2024-07-01T17:50:08.726Z","created_by":"3610252053","description":"Exception list containing exceptions for rule with id: 77260f65-d17e-468b-8fe9-305048404e95","id":"222e1466-6dee-49ed-bb40-b7791891dc90","immutable":false,"list_id":"ad78032a-6730-44c1-8ec3-129ff1dc2ad9","name":"Exceptions for rule - Test Exception List","namespace_type":"single","os_types":[],"tags":["default_rule_exception_list"],"tie_breaker_id":"dc3357a1-0f43-4476-b113-11d683dd5fe5","type":"rule_default","updated_at":"2024-07-01T17:50:08.727Z","updated_by":"3610252053","version":1}
{"_version":"WzQ3NTY1LDJd","comments":[],"created_at":"2024-07-01T19:35:20.071Z","created_by":"3610252053","description":"Exception list item","entries":[{"field":"Effective_process.pid","operator":"included","type":"match","value":"1"}],"id":"49f9966c-9fb4-4d8a-8bed-8e7bfcdafbc5","item_id":"970945dd-71d5-4128-89a8-7e8689326a19","list_id":"ad78032a-6730-44c1-8ec3-129ff1dc2ad9","name":"Pid not One","namespace_type":"single","os_types":[],"tags":[],"tie_breaker_id":"db323af7-5564-4a42-8d8e-81f933c5cef1","type":"simple","updated_at":"2024-07-01T19:35:20.071Z","updated_by":"3610252053"}
{"_version":"WzQ3NTY0LDJd","comments":[],"created_at":"2024-07-01T17:50:11.181Z","created_by":"3610252053","description":"Exception list item","entries":[{"field":"process.name","operator":"included","type":"match","value":"FakeRoot"}],"id":"8d1c6de2-12bf-442d-9b52-00bc99bfcea2","item_id":"d6a0e21c-bf41-4758-a522-cca5df3a2332","list_id":"ad78032a-6730-44c1-8ec3-129ff1dc2ad9","name":"FakeRoot","namespace_type":"single","os_types":[],"tags":[],"tie_breaker_id":"e1e84f62-b36f-4608-9778-1e4ca29539ae","type":"simple","updated_at":"2024-07-01T17:50:11.181Z","updated_by":"3610252053"}
{"exported_count":4,"exported_rules_count":1,"missing_rules":[],"missing_rules_count":0,"exported_exception_list_count":1,"exported_exception_list_item_count":2,"missing_exception_list_item_count":0,"missing_exception_list_items":[],"missing_exception_lists":[],"missing_exception_lists_count":0,"exported_action_connector_count":0,"missing_action_connection_count":0,"missing_action_connections":[],"excluded_action_connection_count":0,"excluded_action_connections":[]}