Has anyone noticed a "HUGE" amount of false positives that occur when enabling the Detection Rule [Threat Intel Filebeat Module Indicator Match]. This rule is tagged as follows
I don't have Elastic Endgame, I just have the free elastic security endpoint agent. I am wondering if this detection rule, requires Endgame and this is why I am getting so many false positives???