mirror of
https://github.com/marcredhat/SIEM-toolkit-patched
synced 2026-06-08 20:37:12 +00:00
Mick
6e137438b1
Coverage Map: - New "Detection Fields Missing" column shows dotted-path SDL fields that associated STAR rules reference but the parser does not provide - Only dotted field paths (src.ip, winEventLog.channel) are considered; single-word correlation variables and metadata tokens are excluded - Schema fields always present in events (dataSource.name, event.type etc) are excluded from the missing list Settings: - New STAR_LIBRARY_ONLY field (select: true/false) controls whether Load Library STAR Rules filters to @sentinelone.com creators or loads all - Rendered as a dropdown in the Settings form with a hint description - saveSettings now always persists select field values (not just non-empty) - load-star-rules reads STAR_LIBRARY_ONLY env var as its default Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>