I have a question about finding all the fields present in the detections, such as eventId, Image, and CommandLine. I need to convert the rule to OCSF type, which also requires fields like class_name, class_uid, etc., in categories such as security finding and identity management. So, my main question is where to find those fields. Are the fields mentioned inside detection fields the same for all rules, or are the fields customizable? Reference to OCSF: https://schema.ocsf.io/1.0.0/
Replies: 1 comment
Good starting point: https://github.com/SigmaHQ/sigma-specification/blob/main/Taxonomy_specification.md
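As an added worked example (not part of this thread and not SigmaHQ or OCSF project code): the script below walks a Sigma rule's `detection` block, collects every field name it references (stripping modifiers such as `|contains|all`, and skipping keyword lists, which have no field), and then keys the OCSF mapping by the rule's `logsource` category, since the standard field names come from the logsource taxonomy rather than being fixed across all rules. The sample rule is constructed for this example and written as the dict `yaml.safe_load()` would return; the `OCSF_CLASS` and `OCSF_FIELD_MAP` tables are assumptions to check against https://schema.ocsf.io/1.0.0/ before use.

```python
"""Enumerate Sigma detection fields and map them to OCSF attribute paths.

Added illustration; the OCSF tables below are assumptions to verify against
https://schema.ocsf.io/1.0.0/, not an official SigmaHQ or OCSF mapping.
"""

# Constructed sample rule, as the dict yaml.safe_load() returns for a typical
# Windows process_creation rule (Sysmon EventID 1 / Security 4688 logsource).
SAMPLE_RULE = {
    "title": "Encoded PowerShell or cmd spawned by winword.exe (sample)",
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection": {
            "ParentImage|endswith": "\\winword.exe",
            "Image|endswith": ["\\cmd.exe", "\\powershell.exe"],
        },
        # list of maps: OR of ANDs
        "selection_args": [
            {"CommandLine|contains|all": ["-enc", "bypass"]},
            {"CommandLine|re": r"(?i)iex\s*\("},
        ],
        # list of plain strings: keyword search, no field name involved
        "filter_keywords": ["Microsoft Office Update"],
        "condition": "selection and selection_args and not filter_keywords",
    },
}


def detection_fields(rule):
    """Return the set of bare field names used in a rule's detection block.

    A detection item is a map (field -> value, AND), a list of maps (OR of
    ANDs) or a list of strings (keywords, no field).  A key may carry
    modifiers after '|' (e.g. 'CommandLine|contains|all'); only the part
    before the first '|' is the field.  'condition' (and any other scalar
    such as 'timeframe') is not a detection item and is skipped.
    """
    fields = set()

    def walk(item):
        if isinstance(item, dict):
            for key in item:
                fields.add(key.split("|", 1)[0])
        elif isinstance(item, list):
            for elem in item:
                walk(elem)  # strings inside a list are keywords: no field

    for name, item in rule["detection"].items():
        if name == "condition":
            continue
        walk(item)
    return fields


# Assumed OCSF class metadata and field mapping per Sigma logsource category.
# Illustrative only: confirm each class_uid and attribute path on schema.ocsf.io.
OCSF_CLASS = {
    "process_creation": {
        "class_uid": 1007, "class_name": "Process Activity",
        "category_uid": 1, "category_name": "System Activity",
    },
}
OCSF_FIELD_MAP = {
    "process_creation": {
        "Image": "process.file.path",
        "CommandLine": "process.cmd_line",
        "ParentImage": "actor.process.file.path",
        "User": "actor.user.name",
        "EventID": "metadata.event_code",
    },
}


def map_rule_to_ocsf(rule):
    """Resolve the rule's OCSF class from its logsource and map each detection
    field to an OCSF attribute path; fields without a mapping are reported in
    'unmapped' so the conversion never silently drops a condition."""
    category = rule["logsource"].get("category")
    if category not in OCSF_CLASS:
        raise ValueError(f"no OCSF mapping defined for logsource category {category!r}")
    field_map = OCSF_FIELD_MAP[category]
    fields = detection_fields(rule)
    result = dict(OCSF_CLASS[category])
    result["mapped"] = {f: field_map[f] for f in sorted(fields) if f in field_map}
    result["unmapped"] = sorted(f for f in fields if f not in field_map)
    return result


if __name__ == "__main__":
    print(sorted(detection_fields(SAMPLE_RULE)))
    print(map_rule_to_ocsf(SAMPLE_RULE))
```

Any name that lands in `unmapped` is a field the rule author took from the raw log source rather than the taxonomy, which is the case the question is really asking about: such fields need a per-product mapping (or an OCSF `unmapped` attribute) before the rule can be expressed against OCSF data.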