Starting last week we started pushing a new metadata field to rules in the ruleset: reviewed_at.
This tag will indicate the date the ET team reviewed the rule last as part of our continuous improvement processes. If a rule’s text is updated, it’s manually reviewed as part of daily threat research investigations, or it comes up for review as part of our Time-To-Review automated processes, this field will be created and populated.
NOTE: the default value of this field is NULL, and as such it will NOT appear in rules unless any of the above criteria are met.