mirror of
https://github.com/marcredhat/SIEM-toolkit-patched
synced 2026-06-09 12:57:13 +00:00
marc
a9dcf48e65
The original upstream gitignores parsers/* on the assumption that each tenant has its own set. This fork commits a working snapshot so the Parser Test Runner and Parser Coverage features are usable out of the box. Stormshield parser exercises the new SDL key=value scanner, pattern references, and JS-style unquoted format keys added to backend/routers/quality.py.
1 line
713 B
Plaintext
1 line
713 B
Plaintext
{"name": "OCSF MITRE Coverage", "graphs": [{"label": "T1110-Brute Force", "filter": "message contains \"Failed\"", "function": "count", "graphType": "value"}, {"label": "T1046-Scanning", "filter": "action=\"deny\"", "function": "count", "graphType": "value"}, {"label": "T1059-Command Exec", "filter": "message contains \"bash\"", "function": "count", "graphType": "value"}, {"label": "T1078-Valid Accounts", "filter": "user_name=\"root\"", "function": "count", "graphType": "value"}, {"label": "T1548-Priv Esc", "filter": "message contains \"sudo\"", "function": "count", "graphType": "value"}, {"label": "Top IPs", "facet": "src_ip", "filter": "src_ip is not null", "graphType": "topValuesTable", "limit": 10}]} |