security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1ce072a4e58238d94deae33ff8de25458ac129d5
sigma-rules/detection_rules/etc/api_schemas/9.2/9.2.base.json
T
shashank-elastic 818978975d Prep 9.2 (#5231)
2025-10-17 21:01:13 +05:30

452 lines
8.2 KiB
JSON
Raw Blame History

{
"$schema": "http://json-schema.org/draft-04/schema#",
"additionalProperties": false,
"properties": {
"actions": {
"items": {
"additionalProperties": {
"type": [
"string",
"number",
"object",
"array",
"boolean"
]
},
"type": "object"
},
"type": [
"array"
]
},
"author": {
"items": {
"type": "string"
},
"type": "array"
},
"building_block_type": {
"enum": [
"default"
],
"type": [
"string"
]
},
"description": {
"type": "string"
},
"enabled": {
"type": [
"boolean"
]
},
"exceptions_list": {
"items": {
"additionalProperties": {
"type": "string"
},
"type": "object"
},
"type": [
"array"
]
},
"false_positives": {
"items": {
"type": "string"
},
"type": [
"array"
]
},
"filters": {
"items": {
"additionalProperties": {
"type": [
"string",
"number",
"object",
"array",
"boolean"
]
},
"type": "object"
},
"type": [
"array"
]
},
"from": {
"type": [
"string"
]
},
"interval": {
"type": [
"string"
]
},
"investigation_fields": {
"additionalProperties": false,
"properties": {
"field_names": {
"items": {
"type": "string"
},
"type": "array"
}
},
"required": [
"field_names"
],
"type": "object"
},
"license": {
"type": [
"string"
]
},
"max_signals": {
"type": [
"integer"
]
},
"meta": {
"additionalProperties": {
"type": [
"string",
"number",
"object",
"array",
"boolean"
]
},
"type": [
"object"
]
},
"name": {
"type": "string"
},
"note": {
"description": "Markdown",
"type": [
"string"
]
},
"references": {
"items": {
"type": "string"
},
"type": [
"array"
]
},
"related_integrations": {
"items": {
"additionalProperties": false,
"properties": {
"integration": {
"type": [
"string"
]
},
"package": {
"type": "string"
},
"version": {
"type": "string"
}
},
"required": [
"package",
"version"
],
"type": "object"
},
"min_compat": "8.3",
"type": [
"array"
]
},
"required_fields": {
"items": {
"additionalProperties": false,
"properties": {
"ecs": {
"type": "boolean"
},
"name": {
"type": "string"
},
"type": {
"type": "string"
}
},
"required": [
"ecs",
"name",
"type"
],
"type": "object"
},
"min_compat": "8.3",
"type": [
"array"
]
},
"revision": {
"min_compat": "8.8",
"type": [
"integer"
]
},
"risk_score": {
"type": "integer"
},
"risk_score_mapping": {
"items": {
"additionalProperties": false,
"properties": {
"field": {
"type": "string"
},
"operator": {
"enum": [
"equals"
],
"type": [
"string"
]
},
"value": {
"type": [
"string"
]
}
},
"required": [
"field"
],
"type": "object"
},
"type": [
"array"
]
},
"rule_id": {
"type": "string"
},
"rule_name_override": {
"type": [
"string"
]
},
"setup": {
"description": "Markdown",
"min_compat": "8.3",
"type": [
"string"
]
},
"severity": {
"enum": [
"low",
"medium",
"high",
"critical"
],
"enumNames": [],
"type": "string"
},
"severity_mapping": {
"items": {
"additionalProperties": false,
"properties": {
"field": {
"type": "string"
},
"operator": {
"enum": [
"equals"
],
"type": [
"string"
]
},
"severity": {
"type": [
"string"
]
},
"value": {
"type": [
"string"
]
}
},
"required": [
"field"
],
"type": "object"
},
"type": [
"array"
]
},
"tags": {
"items": {
"type": "string"
},
"type": [
"array"
]
},
"threat": {
"items": {
"additionalProperties": false,
"properties": {
"framework": {
"enum": [
"MITRE ATT&CK"
],
"type": "string"
},
"tactic": {
"additionalProperties": false,
"properties": {
"id": {
"type": "string"
},
"name": {
"type": "string"
},
"reference": {
"type": "string"
}
},
"required": [
"id",
"name",
"reference"
],
"type": "object"
},
"technique": {
"items": {
"additionalProperties": false,
"properties": {
"id": {
"type": "string"
},
"name": {
"type": "string"
},
"reference": {
"type": "string"
},
"subtechnique": {
"items": {
"additionalProperties": false,
"properties": {
"id": {
"type": "string"
},
"name": {
"type": "string"
},
"reference": {
"type": "string"
}
},
"required": [
"id",
"name",
"reference"
],
"type": "object"
},
"type": [
"array"
]
}
},
"required": [
"id",
"name",
"reference"
],
"type": "object"
},
"type": [
"array"
]
}
},
"required": [
"framework",
"tactic"
],
"type": "object"
},
"type": [
"array"
]
},
"throttle": {
"type": [
"string"
]
},
"timeline_id": {
"type": [
"string"
]
},
"timeline_title": {
"type": [
"string"
]
},
"timestamp_override": {
"type": [
"string"
]
},
"to": {
"type": [
"string"
]
},
"type": {
"enum": [
"query",
"saved_query",
"machine_learning",
"eql",
"esql",
"threshold",
"threat_match",
"new_terms"
],
"enumNames": [],
"type": "string"
},
"version": {
"type": [
"integer"
]
}
},
"required": [
"author",
"description",
"name",
"risk_score",
"rule_id",
"severity",
"type"
],
"type": "object"
}
Reference in New Issue View Git Blame Copy Permalink