Mika Ayenson
62 lines
1.7 KiB
YAML
62 lines
1.7 KiB
YAML
---
|
|
- "documentation":
|
|
- "./**/*.md"
|
|
- "schema":
|
|
- "detection_rules/beats.py"
|
|
- "detection_rules/etc/beats_schemas/**/*"
|
|
- "detection_rules/ecs.py"
|
|
- "detection_rules/etc/ecs_schemas/**/*"
|
|
- "detection_rules/etc/api_schemas/**/*"
|
|
- "detection_rules/schemas/**/*"
|
|
- "python":
|
|
- "detection_rules/**/*.py"
|
|
- "kibana/**/*.py"
|
|
- "kql/**/*.py"
|
|
- "RTA":
|
|
- "rta/**/*"
|
|
|
|
# rules
|
|
- "bbr":
|
|
- "rules_building_block/*.toml"
|
|
- "Domain: Cloud":
|
|
- "rules/integrations/aws/**/*.toml"
|
|
- "rules/integrations/azure/**/*.toml"
|
|
- "rules/integrations/cyberarkpas/**/*.toml"
|
|
- "rules/integrations/gcp/**/*.toml"
|
|
- "rules/integrations/google_workspace/**/*.toml"
|
|
- "rules/integrations/o365/**/*.toml"
|
|
- "rules/integrations/okta/**/*.toml"
|
|
- "Domain: Endpoint":
|
|
- "rules/windows/**/*.toml"
|
|
- "rules/linux/**/*.toml"
|
|
- "rules/macos/**/*.toml"
|
|
- "ML":
|
|
- "rules/ml/**/*.toml"
|
|
- "rules/**/ml_*.toml"
|
|
- "OS: Linux":
|
|
- "rules/linux/**/*.toml"
|
|
- "OS: macOS":
|
|
- "rules/macos/**/*.toml"
|
|
- "OS: Windows":
|
|
- "rules/windows/**/*.toml"
|
|
- "Integration: AWS":
|
|
- "rules/integrations/aws/**/*.toml"
|
|
- "Integration: Azure":
|
|
- "rules/integrations/azure/**/*.toml"
|
|
- "Integration: Crowdstrike":
|
|
- "rules/integrations/crowdstrike/**/*.toml"
|
|
- "Integration: CyberArkPas":
|
|
- "rules/integrations/cyberarkpas/**/*.toml"
|
|
- "Integration: Endpoint":
|
|
- "rules/integrations/endpoint/**/*.toml"
|
|
- "Integration: GCP":
|
|
- "rules/integrations/gcp/**/*.toml"
|
|
- "Integration: Google Workspace":
|
|
- "rules/integrations/google_workspace/**/*.toml"
|
|
- "Integration: Microsoft 365":
|
|
- "rules/integrations/o365/**/*.toml"
|
|
- "Integration: Okta":
|
|
- "rules/integrations/okta/**/*.toml"
|
|
- "Rule: Deprecation":
|
|
- "rules/_deprecated/**/*"
|