IM rule for testing

high_cardinality_rule.ndjson

{"id":"9c21dfcc-6694-479d-b330-9bc984c1b880","updated_at":"2024-04-23T00:38:44.723Z","updated_by":"elastic_serverless","created_at":"2024-04-22T19:47:16.573Z","created_by":"elastic_serverless","name":"test","tags":[],"interval":"1m","enabled":false,"revision":9,"description":"test","risk_score":21,"severity":"low","license":"","output_index":"","meta":{"from":"500m","kibana_siem_app_url":"http://localhost:5601/app/security"},"author":[],"false_positives":[],"from":"now-30060s","rule_id":"a8419dbe-0fea-4602-ab98-cdbf74ff9ea6","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"related_integrations":[],"required_fields":[],"setup":"","type":"threat_match","language":"kuery","index":["high*"],"query":"*:*","filters":[],"threat_filters":[],"threat_query":"*:*","threat_mapping":[{"entries":[{"field":"host.name","type":"mapping","value":"host.name"},{"field":"container.id","type":"mapping","value":"container.id"},{"field":"host.network.name","type":"mapping","value":"host.network.name"}]}],"threat_language":"kuery","threat_index":["high*"],"threat_indicator_path":"threat.indicator","actions":[]}
{"exported_count":1,"exported_rules_count":1,"missing_rules":[],"missing_rules_count":0,"exported_exception_list_count":0,"exported_exception_list_item_count":0,"missing_exception_list_item_count":0,"missing_exception_list_items":[],"missing_exception_lists":[],"missing_exception_lists_count":0,"exported_action_connector_count":0,"missing_action_connection_count":0,"missing_action_connections":[],"excluded_action_connection_count":0,"excluded_action_connections":[]}