refactor(rules): drop "now-" prefix from within field

Author: JocLRojas

rules/antivirus/bitdefender_gz/av_console_lateral_movement.yml

@@ -35,7 +35,7 @@ afterEvents:
       - field: log.hostId
         operator: filter_term
         value: '{{.log.hostId}}'
-    within: now-30m
+    within: 30m
     count: 10
 groupBy:
   - lastEvent.log.eventType

rules/antivirus/bitdefender_gz/av_policy_override.yml

@@ -36,7 +36,7 @@ afterEvents:
       - field: log.hostId
         operator: filter_term
         value: '{{.log.hostId}}'
-    within: now-1h
+    within: 1h
     count: 3
 groupBy:
   - lastEvent.log.eventType

rules/antivirus/bitdefender_gz/malware_outbreak_multiple_hosts.yml

@@ -41,7 +41,7 @@ afterEvents:
       - field: log.eventType
         operator: filter_term
         value: "AntiMalware"
-    within: now-2h
+    within: 2h
     count: 10
 groupBy:
   - lastEvent.log.signatureID

rules/antivirus/bitdefender_gz/multiple_malware_from_single_source.yml

@@ -47,7 +47,7 @@ afterEvents:
       - field: log.eventType
         operator: filter_term
         value: "AntiMalware"
-    within: now-1h
+    within: 1h
     count: 5
 groupBy:
   - lastEvent.log.hostId

rules/antivirus/bitdefender_gz/network_threat_detection.yml

@@ -39,7 +39,7 @@ afterEvents:
       - field: origin.ip
         operator: filter_term
         value: '{{.origin.ip}}'
-    within: now-2h
+    within: 2h
     count: 5
     or:
       - indexPattern: v11-log-antivirus-bitdefender-gz-*
@@ -50,7 +50,7 @@ afterEvents:
           - field: log.eventType
             operator: filter_term
             value: 'network-sandboxing'
-        within: now-4h
+        within: 4h
         count: 3
 groupBy:
   - lastEvent.log.hostId

rules/antivirus/bitdefender_gz/ransomware_behavior_detection.yml

@@ -37,7 +37,7 @@ afterEvents:
       - field: log.hostId
         operator: filter_term
         value: '{{.log.hostId}}'
-    within: now-10m
+    within: 10m
     count: 5
 groupBy:
   - lastEvent.log.hostId

rules/antivirus/bitdefender_gz/usb_malware_propagation.yml

@@ -36,7 +36,7 @@ afterEvents:
       - field: log.hostId
         operator: filter_term
         value: '{{.log.hostId}}'
-    within: now-30m
+    within: 30m
     count: 5
 groupBy:
   - lastEvent.log.eventType

rules/antivirus/deceptive-bytes/advanced_threat_tactic_identification.yml

@@ -43,7 +43,7 @@ afterEvents:
       - field: log.tacticName
         operator: filter_term
         value: '{{.log.tacticName}}'
-    within: now-15m
+    within: 15m
     count: 3
 groupBy:
   - lastEvent.log.tacticName

rules/antivirus/deceptive-bytes/data_theft_attempt_indicators.yml

@@ -38,7 +38,7 @@ afterEvents:
       - field: log.event_type
         operator: filter_term
         value: 'decoy_accessed'
-    within: now-2h
+    within: 2h
     count: 3
 groupBy:
   - lastEvent.log.decoy_file

rules/antivirus/deceptive-bytes/deception_token_access_patterns.yml

@@ -40,7 +40,7 @@ afterEvents:
       - field: log.eventType
         operator: filter_term
         value: 'token_access'
-    within: now-1h
+    within: 1h
     count: 3
 groupBy:
   - lastEvent.log.tokenId