[FR] NON_DATASET_PACKAGE list & Data Source tag for Auditd_manager (#3430)

* [FR] Add Auditd_Manager to NON_DATASET_PACKAGE

* Changed alphabetical order

---------

Co-authored-by: Mika Ayenson <Mikaayenson@users.noreply.github.com>
Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>

(cherry picked from commit a637bcec38)
Ruben Groenewoud
2024-02-19 09:37:02 +01:00
committed by github-actions[bot]
parent 144754c8a5
commit 984f2a6fbf
+2 -1
@@ -33,7 +33,7 @@ ELASTICSEARCH_EQL_FEATURES = {
"allow_sample": (Version.parse('8.6.0'), None),
"elasticsearch_validate_optional_fields": (Version.parse('7.16.0'), None)
}
NON_DATASET_PACKAGES = ['apm', 'endpoint', 'system', 'windows', 'cloud_defend', 'network_traffic']
NON_DATASET_PACKAGES = ['apm', 'auditd_manager', 'cloud_defend', 'endpoint', 'network_traffic', 'system', 'windows']
NON_PUBLIC_FIELDS = {
"related_integrations": (Version.parse('8.3.0'), None),
"required_fields": (Version.parse('8.3.0'), None),
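Review bot: NON_DATASET_PACKAGES carries no comment saying what qualifies a package for this list or that its entries are kept in alphabetical order, and the changed line both adds 'auditd_manager' and re-sorts the existing entries, so the one functional addition is easy to miss in review. Consider a short comment above the list stating the membership criterion and the ordering convention, so later additions stay consistent and a pure reorder can be told apart from a behavior change.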
@@ -68,6 +68,7 @@ TIMELINE_TEMPLATES: Final[dict] = {
EXPECTED_RULE_TAGS = [
'Data Source: Active Directory',
'Data Source: Amazon Web Services',
'Data Source: Auditd Manager',
'Data Source: AWS',
'Data Source: APM',
'Data Source: Azure',
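Review bot: The new 'Data Source: Auditd Manager' entry in EXPECTED_RULE_TAGS is placed between 'Data Source: Amazon Web Services' and 'Data Source: AWS', while the neighbouring entries ('Data Source: AWS' ahead of 'Data Source: APM') are not in alphabetical order, so the intended position is unclear. Since the other hunk sorts NON_DATASET_PACKAGES, either sort this list in the same change or note that its order is not significant. It is also worth confirming that the tag spelling 'Auditd Manager' matches exactly what the rules carry, given that the package is written 'auditd_manager' in the other list.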