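# Rx (http://rx.codesimply.com) schema describing the shape of a Sigma rule.
# A rule file is one record (mapping); the sections below say which top-level
# keys must be present, which are optional, and what their values may look
# like. This schema is the gate that keeps malformed rules out of the corpus,
# so the constraints should be as tight as the rule set allows.
#
# The listing this was recovered from had lost its indentation, which in YAML
# carries the nesting; the structure below is restored from Rx's own grammar
# (`required`/`optional`/`rest` belong to a `//rec`, `of` to an `//any`,
# `contents`/`length` to an `//arr`, `values` to a `//map`).
type: //rec
required:
  # Human-readable rule name: an empty title is rejected, so is one longer
  # than 256 characters.
  title:
    type: //str
    length:
      min: 1
      max: 256
  # Where the events come from. Every key is optional so a rule can be
  # generic (category only) or specific (product + service).
  logsource:
    type: //rec
    optional:
      category: //str
      product: //str
      service: //str
      definition: //str
  detection:
    type: //rec
    required:
      # Boolean expression over the named selections: either one string or a
      # list of at least two strings (a single condition must be written as a
      # plain string, a one-element list fails the `min: 2` check).
      condition:
        type: //any
        of:
          - type: //str
          - type: //arr
            contents: //str
            length:
              min: 2
    optional:
      timeframe: //str
    # Every other key under `detection` is a selection/filter definition.
    # NOTE(review): per the Rx spec, `rest` is checked against the map of
    # leftover entries as a whole, not entry by entry. Read literally, the
    # `//arr` alternative below can never match (a map is not an array), and
    # the `//map` alternative only lets each selection be a string or a list
    # of at least two strings, which would reject a selection written as a
    # field -> value mapping. The intent looks like "each selection is a
    # keyword list or a field map"; confirm how the validator that consumes
    # this file actually behaves before relying on it as a gate.
    rest:
      type: //any
      of:
        - type: //arr
          contents: //str
        - type: //map
          values:
            type: //any
            of:
              - type: //str
              - type: //arr
                contents: //str
                length:
                  min: 2
optional:
  # Rule maturity, restricted to exactly these three spellings.
  status:
    type: //any
    of:
      - type: //str
        value: stable
      - type: //str
        value: testing
      - type: //str
        value: experimental
  description: //str
  author: //str
  references:
    type: //arr
    contents: //str
  fields:
    type: //arr
    contents: //str
  # Free text, or a list of at least two entries (a single entry must be
  # written as a plain string).
  falsepositives:
    type: //any
    of:
      - type: //str
      - type: //arr
        contents: //str
        length:
          min: 2
  # Severity, restricted to exactly these four lowercase spellings.
  level:
    type: //any
    of:
      - type: //str
        value: low
      - type: //str
        value: medium
      - type: //str
        value: high
      - type: //str
        value: critical
# Any other top-level key is accepted without further checks. That keeps the
# schema forward-compatible with keys added to the spec later, but it also
# means a misspelled optional key (`falsepositive`, `levels`, `reference`) is
# waved through instead of flagged, so a rule can silently lose its severity
# or false-positive notes. Tighten this to an explicit key list if the
# validator is meant to catch such typos.
rest: //any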