Merge pull request #3484 from splunk/cisco_slashn

pyth0n1c · web-flow · commit 2bbcdd503246 · 2025-04-22T12:12:32.000-07:00
Cisco slashn
diff --git a/detections/network/cisco_secure_firewall___blacklisted_ssl_certificate_fingerprint.yml b/detections/network/cisco_secure_firewall___blacklisted_ssl_certificate_fingerprint.yml
@@ -51,9 +51,7 @@ drilldown_searches:
   earliest_offset: $info_min_time$
   latest_offset: $info_max_time$
 rba:
-  message: >
-    Suspicious SSL certificate fingerprint ($SSL_CertFingerprint$) used in connections 
-    [ListingReason: $Reasons$]
+  message: Suspicious SSL certificate fingerprint - [$SSL_CertFingerprint$] used in connections [ListingReason - $Reasons$] from $src_ip$
   risk_objects:
     - field: src_ip
       type: system
