Hello,
I activated "Machine Learning Detected a Suspicious Windows Event with a High Malicious Probability Score" and "Living off the Land Attack Detection" and followed the procedure.
It seems to be triggering on a lot of my usual / normal processes. For example, opening Brave and then opening a new tab always triggers a blocklist_label of 1.
Am I doing something wrong or is it normal that this triggers so frequently with a "High Malicious Probability Score"?
I'm using the latest version 2.4.0 in Elastic Security Serverless.
Willem