diff --git a/sigma-schema.rx.yaml b/sigma-schema.rx.yaml new file mode 100644 index 000000000..3ea8ddbaa --- /dev/null +++ b/sigma-schema.rx.yaml @@ -0,0 +1,79 @@ +type: //rec +required: + title: + type: //str + length: + min: 1 + max: 256 + logsource: + type: //rec + optional: + category: //str + product: //str + service: //str + definition: //str + detection: + type: //rec + required: + condition: + type: //any + of: + - type: //str + - type: //arr + contents: //str + length: + min: 2 + optional: + timeframe: //str + rest: + type: //any + of: + - type: //arr + contents: //str + - type: //map + values: + type: //any + of: + - type: //str + - type: //arr + contents: //str + length: + min: 2 +optional: + status: + type: //any + of: + - type: //str + value: stable + - type: //str + value: testing + - type: //str + value: experimental + description: //str + author: //str + references: + type: //arr + contents: //str + fields: + type: //arr + contents: //str + falsepositives: + type: //any + of: + - type: //str + - type: //arr + contents: //str + length: + min: 2 + level: + type: //any + of: + - type: //str + value: low + - type: //str + value: medium + - type: //str + value: high + - type: //str + value: critical +rest: //any