Added status classification to specification

Thomas Patzke 2017-01-11 00:06:00 +01:00 committed by Florian Roth
parent 1ad5d2555a
commit b202822ef2


@ -17,6 +17,7 @@ The rules consist of a few required sections and several optional ones.
```
title
status [optional]
description [optional]
reference [optional]
detection
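Review bot: the field is marked `[optional]` here, but nothing in this hunk or the one below says how a rule with no `status` key is to be interpreted, so consumers that filter on status (a "stable only" dashboard, for example) have no defined behaviour for every rule written before this change; state the default explicitly next to the new list entry or in the new section, e.g. "if omitted, the rule is treated as `experimental`", or whichever default the project intends. Placing `status` directly after `title` is consistent with the position of the new `## Status` section below `## Title`, so the ordering needs no change.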
@ -34,6 +35,15 @@ level [optional]
A brief title for the rule that should contain what the rules is supposed to detect (max. 256 characters)
## Status
Declares the status of the rule:
- stable: the rule is considered as stable and may be used in production systems or dashboards.
- test: an almost stable rule that possibly could require some fine tuning.
- experimental: an experimental rule that could lead to false results or be noisy, but could also identify interesting
events.
## Description
A short description of the rule and the malicious activity that can be detected (max. 65,535 characters)
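Review bot: the new `## Status` section lists `stable`, `test` and `experimental` as prose bullets but never says the field is restricted to exactly those values, so a converter or validator has no basis for rejecting `Stable`, `testing` or a free-text status; add one sentence such as "`status` must be one of the following lowercase values; any other value is invalid" before the bullet list, and say what a missing `status` means (the summary list above marks it optional). Two smaller wording points in the added text: "false results" in the `experimental` bullet would be clearer as "false positives", which is what the following "or be noisy" is contrasting with, and the stray line break before "events." should be joined to the bullet so it renders as one list item. The pre-existing context line "what the rules is supposed to detect" has a typo ("rules" should be "rule"), which could be fixed in the same commit since the section is being touched.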