security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[FR] Add support for investigation_fields (#3550)

Browse Source 
(cherry picked from commit bb907a4d76)
This commit is contained in:
Mika Ayenson
2024-04-01 11:52:46 -05:00
committed by github-actions[bot]
parent a2fd651db3
commit aef30b595d
1 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
detection_rules/rule.py
+7
View File
@@ -240,6 +240,12 @@ class ThresholdAlertSuppression:
@dataclass(frozen=True)
class BaseRuleData(MarshmallowDataclassMixin, StackCompatMixin):
"""Base rule data."""
@dataclass
class InvestigationFields:
field_names: List[definitions.NonEmptyStr]
@dataclass
class RequiredFields:
name: definitions.NonEmptyStr
@@ -264,6 +270,7 @@ class BaseRuleData(MarshmallowDataclassMixin, StackCompatMixin):
# trailing `_` required since `from` is a reserved word in python
from_: Optional[str] = field(metadata=dict(data_key="from"))
interval: Optional[definitions.Interval]
investigation_fields: Optional[InvestigationFields] = field(metadata=dict(metadata=dict(min_compat="8.11")))
max_signals: Optional[definitions.MaxSignals]
meta: Optional[Dict[str, Any]]
name: definitions.RuleName