sigma-rules/.github/ISSUE_TEMPLATE/new_hunt.yaml
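---
# GitHub issue form for proposing a new hunt.
# Fields in order: free-text description, target huntset and hunt type
# (dropdowns), then optional query, related issues/PRs, references and a
# redacted example-data block. Each `id` must be unique within the form.
name: New Hunt
description: Suggestions and ideas for new hunts
title: "[New hunt] Name of hunt"
labels: ["Hunt: New", "Team: TRADE"]
assignees: []
projects: ["elastic/1268"]
body:
  - type: textarea
    id: description
    attributes:
      label: Description
      description: "Provide a detailed description of the activity to be detected."
      placeholder: "Detailed description..."

  - type: dropdown
    id: target_huntset
    attributes:
      label: Target Huntset
      # "rulset" corrected to "ruleset" (user-visible help text).
      description: "Select the target ruleset."
      options:
        - apm
        - cross-platform
        - aws
        - aws_bedrock
        - azure
        - azure_openai
        - beaconing
        - cloud_defend
        # NOTE(review): "cyberparkpas" looks like a misspelled integration name; kept
        # as-is because the value may be matched elsewhere — confirm with the owner.
        - cyberparkpas
        - ded
        - dga
        - endpoint
        - fim
        - gcp
        - github
        - google_workspace
        - kubernetes
        - lmd
        - o365
        - okta
        - problemchild
        - linux
        - macos
        - ml
        - network
        - promotions
        - threat_intel
        - windows
        - other

  - type: dropdown
    id: hunt_type
    attributes:
      label: Target hunt Type
      description: "Select the target type."
      options:
        - Custom (KQL or Lucene)
        - Machine Learning
        - Threshold
        - Event Correlation (EQL)
        - Indicator Match
        - New Terms
        # Quoted so the "|" is unambiguously part of the string rather than
        # read as a block-scalar indicator by a linter or a careless edit.
        - "ES|QL"
        - OSQuery

  - type: textarea
    id: query
    attributes:
      label: Query
      description: "Provide the query for the hunt (optional)."
      placeholder: "Query..."

  - type: textarea
    id: related_issues_prs
    attributes:
      label: Related issues or PRs
      description: "Link any related issues or PRs (optional)."
      placeholder: "Related issues or PRs..."

  - type: textarea
    id: references
    attributes:
      label: References
      description: "List any references (optional)."
      placeholder: "References..."

  # Issues filed from this form are visible to everyone with repository access,
  # so the sample must already be redacted when pasted here.
  - type: textarea
    id: example_data
    attributes:
      label: Redacted Example Data
      description: "Provide redacted example JSON data from the actual activity."
      placeholder: "Example JSON data..."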