atomic-threat-coverage/dataneeded/dataneeded.yml.template

title: DN_0000_some_name_here
description: >
  Some text description here. It will be merged into one line.
loggingpolicy: LP_0000_some_logging_policy_name_here
references:
  - http://something.com
platform: Windows                               # Windows | Linux | Unix | macOS | Network
type: Windows Log                               # Windows Log | Authentication and Service | access.log
channel: Security                               # Security | System | Microsoft-Windows-Sysmon/Operational | None
provider: Microsoft-Windows-Security-Auditing   # Microsoft-Windows-Security-Auditing | Microsoft-Windows-Eventlog | None
fields:
  - hostname
  - ip_address
  - username
  - etc
sample: |
  raw log sample here
initial commit 2018-12-12 05:19:57 +00:00			`title: DN_0000_some_name_here`
refactored dn and lp 2018-12-20 02:45:42 +00:00			`description: >`
initial commit 2018-12-12 05:19:57 +00:00			`Some text description here. It will be merged into one line.`
			`loggingpolicy: LP_0000_some_logging_policy_name_here`
			`references:`
			`- http://something.com`
			`platform: Windows # Windows \| Linux \| Unix \| macOS \| Network`
			`type: Windows Log # Windows Log \| Authentication and Service \| access.log`
			`channel: Security # Security \| System \| Microsoft-Windows-Sysmon/Operational \| None`
			`provider: Microsoft-Windows-Security-Auditing # Microsoft-Windows-Security-Auditing \| Microsoft-Windows-Eventlog \| None`
			`fields:`
			`- hostname`
			`- ip_address`
			`- username`
			`- etc`
			`sample: \|`
			`raw log sample here`