Another update to defaults in deployments

splunk · pyth0n1c · Jul 1, 2025 · Jul 8, 2025 · Jul 17, 2025 · Jul 17, 2025
commit 60a4d687b2ee989a2d85dba69902e1bf0e5ed714
@@ -6,8 +6,8 @@ description: This configuration file applies to all detections of type anomaly.
   These detections will use Risk Based Alerting.
 scheduling:
   cron_schedule: '{minute} * * * *'
-  earliest_time: -70m@m
-  latest_time: -10m@m
+  earliest_time: -60m@m
+  latest_time: +10m@m
   schedule_window: auto
 alert_action:
   rba:

@@ -5,7 +5,7 @@ author: Patrick Bareiss
 description: This configuration file applies to all detections of type baseline.
 scheduling:
   cron_schedule: '{minute} 0 * * *'
-  earliest_time: -1450m@m
-  latest_time: -10m@m
+  earliest_time: -1440m@m
+  latest_time: +10m@m
   schedule_window: auto
 type: Baseline
@@ -6,8 +6,8 @@ description: This configuration file applies to all detections of type Correlati
   These correlations will generate Notable Events.
 scheduling:
   cron_schedule: '{minute} * * * *'
-  earliest_time: -70m@m
-  latest_time: -10m@m
+  earliest_time: -60m@m
+  latest_time: +10m@m
   schedule_window: auto
 alert_action:
   notable:

@@ -5,7 +5,7 @@ author: Patrick Bareiss
 description: This configuration file applies to all detections of type hunting.
 scheduling:
   cron_schedule: '{minute} * * * *'
-  earliest_time: -70m@m
-  latest_time: -10m@m
+  earliest_time: -60m@m
+  latest_time: +10m@m
   schedule_window: auto
 type: Hunting
@@ -5,9 +5,9 @@ author: Patrick Bareiss
 description: This configuration file applies to all detections of type TTP.
   These detections will use Risk Based Alerting and generate Notable Events.
 scheduling:
-  cron_schedule: '{minute_range}/15 * * * *'
-  earliest_time: -15m@m
-  latest_time: now
+  cron_schedule: '*/15 * * * *'
+  earliest_time: -60m@m
+  latest_time: +10m@m
   schedule_window: auto
 alert_action:
   notable: