classifier-SplunkPy.json
{
"id": "SplunkPy",
"version": -1,
"modified": "2019-06-03T14:23:31.961337606Z",
"commitMessage": "Demisto content update",
"shouldPublish": true,
"shouldCommit": false,
"shouldPush": false,
"defaultIncidentType": "",
"instanceId": "",
"mapping": {
"Access": {
"internalMapping": {
"App": {
"simple": "app",
"complex": null
},
"Dest": {
"simple": "dest",
"complex": null
},
"Dest NT Domain": {
"simple": "dest_pci_domain",
"complex": null
},
"Src": {
"simple": "src",
"complex": null
},
"Src NT Domain": {
"simple": "src_pci_domain",
"complex": null
}
},
"dontMapEventToLabels": false
},
"Malware": {
"internalMapping": {
"Dest": {
"simple": "dest",
"complex": null
},
"Signature": {
"simple": "signature",
"complex": null
}
},
"dontMapEventToLabels": false
}
},
"unclassifiedCases": null,
"incidentSamples": null,
"custom": false,
"transformer": {
"simple": "source",
"complex": null
},
"keyTypeMap": {
"Access - Brute Force Access Behavior Detected - Rule": "Access",
"Access - Brute Force Access Behavior Detected Over 1d - Rule": "Access",
"Access - Concurrent App Accesses - Rule": "Access",
"Access - Excessive Failed Logins - Rule": "Access",
"Access - High or Critical Priority Individual Logging into Infected Machine - Rule": "Access",
"Endpoint - High Or Critical Priority Host With Malware - Rule": "Malware"
},
"brandName": "SplunkPy",
"instanceName": ""
}