From 69efb05c5fe59d7a8d568a19ce4e7f2c193f20ef Mon Sep 17 00:00:00 2001
From: Thomas Patzke
Date: Sun, 4 Feb 2018 00:27:09 +0100
Subject: [PATCH] First draft of Rx schema
---
sigma-schema.rx.yaml | 79 ++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 79 insertions(+)
create mode 100644 sigma-schema.rx.yaml
diff --git a/sigma-schema.rx.yaml b/sigma-schema.rx.yaml
new file mode 100644
index 000000000..3ea8ddbaa
--- /dev/null
+++ b/sigma-schema.rx.yaml
@@ -0,0 +1,79 @@
+type: //rec
+required:
+ title:
+ type: //str
+ length:
+ min: 1
+ max: 256
+ logsource:
+ type: //rec
+ optional:
+ category: //str
+ product: //str
+ service: //str
+ definition: //str
+ detection:
+ type: //rec
+ required:
+ condition:
+ type: //any
+ of:
+ - type: //str
+ - type: //arr
+ contents: //str
+ length:
+ min: 2
+ optional:
+ timeframe: //str
+ rest:
+ type: //any
+ of:
+ - type: //arr
+ contents: //str
+ - type: //map
+ values:
+ type: //any
+ of:
+ - type: //str
+ - type: //arr
+ contents: //str
+ length:
+ min: 2
+optional:
+ status:
+ type: //any
+ of:
+ - type: //str
+ value: stable
+ - type: //str
+ value: testing
+ - type: //str
+ value: experimental
+ description: //str
+ author: //str
+ references:
+ type: //arr
+ contents: //str
+ fields:
+ type: //arr
+ contents: //str
+ falsepositives:
+ type: //any
+ of:
+ - type: //str
+ - type: //arr
+ contents: //str
+ length:
+ min: 2
+ level:
+ type: //any
+ of:
+ - type: //str
+ value: low
+ - type: //str
+ value: medium
+ - type: //str
+ value: high
+ - type: //str
+ value: critical
+rest: //any
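Review bot: The `values` alternatives under the `detection` `rest` map accept only `//str` or an array of `//str`, so a selection written with a bare YAML number (for example `EventID: 4688`) would fail validation. This assumes the nesting is as the key order suggests, since the indentation on this page is flattened. Consider adding `- type: //int` to that `of:` list and allowing integers in the array `contents` as well. Separately, the final top-level `rest: //any` lets any unknown key through, so a misspelled optional field such as `levle` validates silently and the `level` value constraint is never applied to it. If extension keys are meant to be allowed, a comment such as `# rest: //any keeps custom fields valid; typos in optional keys are not caught` would make that trade-off explicit.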