odie/esm2markdown
1
0
Fork 0
mirror of https://codeberg.org/mclemens/esm2markdown.git synced 2024-11-03 07:47:17 -05:00
Code Issues Packages Projects Releases Wiki Activity
54a0d7b858
esm2markdown/demo/demo.mk
Michael Clemens 36ea34ecf9 added demo.xml and Markdown output
2018-03-22 15:41:33 +01:00

67 lines
1.5 KiB
Makefile
Raw Blame History

# Correlation Rule Overview
* **Demo Correlation Rule**
# Demo Correlation Rule
## Description
This correlation rule is for demo purposes only. It makes no sense at all and is only needed to test esm2markdown.
## General Information
* **Rule ID:** 47-6000112
* **Normalization ID:** 4026531840
* **Severity:** 50
* **Tag:** Demo Correlation Rules
* **Group By:** SRC_ZONE
## Correlation Details
![](images/47-6000112.png)
### Parameters
* **Demo Parameter**
* **Description:** This parameter is a parameter.
* **Default Value:** UserIDSrc|6751494449278544611[root]
### Rules
#### Rule 1
* **Activate:** EVENT
* **Match Type:** FILTER
* **Count:** 1
* **Action:** Trigger
* **Timeout:** 600
* **Time Units:** SECOND
* **Threshold:** 5
* **Match Filter**
* **Filter Component**
* **Condition:** 'SRC_IP' EQUALS '1.1.1.1'
#### Rule 2
* **Activate:** EVENT
* **Match Type:** FILTER
* **Count:** 1
* **Action:** Trigger
* **Timeout:** 600
* **Time Units:** SECOND
* **Threshold:** 5
* **Match Filter**
* **Filter Component**
* **Condition:** 'CUST_4259873' EQUALS 'Description|12622590293378144023[bla]'
#### Rule 3
* **Activate:** EVENT
* **Match Type:** FILTER
* **Count:** 1
* **Action:** Trigger
* **Timeout:** 600
* **Time Units:** SECOND
* **Threshold:** 1
* **Match Filter**
* **Filter Component**
* **Condition:** 'CUST_2' EQUALS 'CommandID|6751494449278544611[$var=PRIVILEGED_USERS]'
\newpage
Reference in New Issue View Git Blame Copy Permalink