valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-07 09:48:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
fc276612b6
SigmaHQ/tools/config/arcsight.yml
Thomas Patzke 11ed7e7ef8 Check for valid configuration/backend combinations
2019-05-20 01:00:33 +02:00

112 lines
2.2 KiB
YAML
Raw Blame History

title: ArcSight
order: 20
backends:
- arcsight
logsources:
linux:
product: linux
conditions:
deviceVendor: Unix
linux-sshd:
product: linux
service: sshd
conditions:
deviceVendor: Unix
linux-auth:
product: linux
service: auth
conditions:
deviceVendor: Unix
linux-clamav:
product: linux
service: clamav
conditions:
deviceVendor: Unix
windows-dns:
product: windows
service: dns-server
conditions:
deviceVendor: Microsoft
deviceProduct: DNS-Server
windows-pc:
product: windows
service: powershell-classic
conditions:
deviceVendor: Microsoft
windows-sys:
product: windows
service: sysmon
conditions:
deviceVendor: Microsoft
deviceProduct: Sysmon
windows-sec:
product: windows
service: security
conditions:
deviceVendor: Microsoft
deviceProduct: Microsoft Windows
windows-power:
product: windows
service: powershell
conditions:
deviceVendor: Microsoft
windows-dhcp:
product: windows
service: dhcp
conditions:
deviceVendor: Microsoft
windows-system:
product: windows
service: system
conditions:
deviceVendor: Microsoft
windows-driver:
product: windows
service: driver-framework
conditions:
deviceVendor: Microsoft
windows-app:
product: windows
service: application
conditions:
deviceVendor: Microsoft
proxy:
category: proxy
conditions:
categoryDeviceGroup: /Proxy
python:
product: python
conditions:
deviceProduct: Python
categoryDeviceGroup: /Application
ruby_on_rails:
product: ruby_on_rails
conditions:
deviceProduct: Ruby on Rails
categoryDeviceGroup: /Application
spring:
product: spring
conditions:
deviceProduct: Spring
categoryDeviceGroup: /Application
apache:
product: apache
conditions:
deviceProduct: Apache
categoryDeviceGroup: /Application
firewall:
product: firewall
conditions:
categoryDeviceGroup: /Firewall
fieldmappings:
EventID: externalId
dst:
- destinationAddress
dst_ip:
- destinationAddress
src:
- sourceAddress
src_ip:
- sourceAddress
Reference in New Issue View Git Blame Copy Permalink