Files
main/SOCFortress API/200980-socfortress.xml
2023-05-26 15:00:30 -05:00

43 lines
1.5 KiB
XML

<group name="socfortress,">
<rule id="200980" level="1">
<field name="integration">custom-socfortress</field>
<description>SOCFortress IoC</description>
<options>no_full_log</options>
</rule>
<rule id="200981" level="1">
<if_sid>200980</if_sid>
<field name="socfortress.status_code">^404$</field>
<description>No matching IoC Detected</description>
<options>no_full_log</options>
</rule>
<rule id="200982" level="3">
<if_sid>200980</if_sid>
<field name="socfortress.status_code">^503$</field>
<description>$(socfortress.message)</description>
<options>no_full_log</options>
</rule>
<rule id="200983" level="12">
<if_sid>200980</if_sid>
<field name="socfortress.status_code">^200$</field>
<description>IoC Detected: $(socfortress.value)</description>
<options>no_full_log</options>
</rule>
<rule id="200984" level="10">
<if_sid>200980</if_sid>
<field name="socfortress.status_code">^403$</field>
<description>Forbidden - Make sure you have configured a proper API Key</description>
<options>no_full_log</options>
</rule>
<rule id="200985" level="10">
<if_sid>200980</if_sid>
<field name="socfortress.status_code">^429$</field>
<description>Rate Quota Limit Exceeded</description>
<options>no_full_log</options>
</rule>
<rule id="200986" level="3">
<field name="integration">custom-socfortress-knowledgebase</field>
<description>SOCFortress KnowledgeBase</description>
<options>no_full_log</options>
</rule>
</group>