Enabling risk/observable matching #241
Conversation
Initial static review with responses to RFC and follow-up comments. I will merge Lou's PR, update the branch, then do some runtime testing of the PR.
As such, this is not approved YET.
contentctl/objects/abstract_security_content_objects/detection_abstract.py
Approved after discussions with dev through comments and Slack.
Context
Code changes
- contributing_events_search
- Attacker role observables) TODO
Testing
- contentctl build which causes User Name observables to create other type risk events instead of user type (see The "User Name" type should map to a "user" risk object and not "other" #246)
- contentctl build, which causes any observable with a role of Other (regardless of its type) to create other type risk events (see Refactor the risk property of detection_abstract to handle observable/risk/threat mappings more transparently #247)
Future Work
- risk property of detection_abstract to handle observable/risk/threat mappings more transparently #247
- detection.tags.observable #249