Update ala-rule.py

SOC Prime 2019-12-30 16:26:30 +02:00 committed by GitHub
parent f015c97dff
commit 92bc96a308
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -1,5 +1,4 @@
# Azure Log Analytics output backend for sigmac
# John Tuckner (@tuckner)
# Azure Log Analytics Rule output backend for sigmac
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Lesser General Public License as published by
@ -49,13 +48,15 @@ class AzureAPIBackend(AzureLogAnalyticsBackend):
tag_list = tag.split("_")
tag_list = [item.title() for item in tag_list]
tactics.append("".join(tag_list))
else:
tactics.append(tag.title())
rule = {
"analytics":
[
{
"displayName": "{} by {}".format(config.get("title"), config.get('author')),
"description": "{} {}".format(config.get("description"), "Technics: {}.".format(",".join(technics))),
"description": "{} {}".format(config.get("description"), "Technique: {}.".format(",".join(technics))),
"severity": config.get("level"),
"enabled": True,
"query": config.get("translation"),