Open
Description
Root cause presently unknown, but occasionally a few signatures will somehow be assigned the same EventID. This is not validated until attempting to push signatures on the deployment box.
The current solution is to change the signature category then change it back so the next available EventID for the category is assigned.
Example:
Changing the newest of each rule to EC then back to MC assigns them EventIDs 5002064 and 5002065 respectively.
