2x New CICD Checks for Detection Validation #310

Open
dluxtron opened this issue Oct 16, 2024 · 0 comments
1. `summariesonly` macro missing from tstats search

  • this will help when folks accidentally submit a tstats-based detection which directly references summariesonly=t
  • spent far too long (too long to admit) troubleshooting why my latest detection didn't trigger, grr.
  • also good for standardisation where this is missing

2. Risk object not found in SPL

  • helps ensure the risk objects are relevant
  • may need to look at the last line of SPL (table/stats) or required fields; catches to ensure the whole field is compared so src doesn't match on src_ip
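An added example of how the two checks proposed in this issue could be implemented as a lint step; this is not contentctl's or security_content's own code. It assumes a simplified, hypothetical detection shape (a `search` string, a `risk_objects` list of field names, and an optional `required_fields` list) and that the last meaningful pipeline stage is the last stage that is not a bare macro call such as the trailing `_filter` macro. The sample detections are constructed for illustration.

```python
"""Two CI lint checks for Splunk detection SPL, as sketched in this issue.

Added example, not the project's code. Detections are modelled with a simplified,
hypothetical shape: a search string, the risk-object field names, and an optional
required_fields list.
"""
import re
from typing import Dict, List, Set

# A tstats command at the start of the search or directly after a pipe.
TSTATS_RE = re.compile(r"(?:^|\|)\s*tstats\b", re.IGNORECASE)
# summariesonly=t / true / 1 written directly into the search instead of via the macro.
DIRECT_SUMMARIESONLY_RE = re.compile(r"\bsummariesonly\s*=\s*(?:t|true|1)\b", re.IGNORECASE)
SUMMARIESONLY_MACRO = "`summariesonly`"
# A pipeline stage that is nothing but a macro call, e.g. `drop_dm_object_name(Processes)`
# or `my_detection_filter` (assumption: such stages do not change the emitted field set).
PURE_MACRO_STAGE_RE = re.compile(r"^`[\w.]+(?:\([^)]*\))?`$")
# Identifier tokens; '_' and '.' are part of a token, so 'src' is distinct from 'src_ip'.
FIELD_TOKEN_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_.]*")


def check_summariesonly(search: str) -> List[str]:
    """Check 1: a tstats search must use the `summariesonly` macro, not summariesonly=t."""
    findings: List[str] = []
    if not TSTATS_RE.search(search):
        return findings  # not a tstats search; the macro is not required
    if DIRECT_SUMMARIESONLY_RE.search(search):
        findings.append("tstats search sets summariesonly= directly; use the `summariesonly` macro")
    elif SUMMARIESONLY_MACRO not in search:
        findings.append("tstats search does not reference the `summariesonly` macro")
    return findings


def final_output_stage(search: str) -> str:
    """Return the last pipeline stage that is not a bare macro call (e.g. the trailing filter)."""
    stages = [s.strip() for s in search.split("|")]
    for stage in reversed(stages):
        if stage and not PURE_MACRO_STAGE_RE.match(stage):
            return stage
    return ""


def output_fields(search: str) -> Set[str]:
    """Tokenise the final stage on identifier boundaries so 'src' never matches 'src_ip'."""
    return set(FIELD_TOKEN_RE.findall(final_output_stage(search)))


def check_risk_objects(search: str, risk_objects: List[str], required_fields: List[str]) -> List[str]:
    """Check 2: every risk-object field must appear whole in the final stage or in required_fields."""
    available = output_fields(search) | set(required_fields)
    return [f"risk object '{ro}' not found in final SPL stage or required_fields"
            for ro in risk_objects if ro not in available]


def lint_detection(detection: Dict) -> List[str]:
    """Run both checks over one detection record and return all findings."""
    return (check_summariesonly(detection["search"])
            + check_risk_objects(detection["search"],
                                 detection.get("risk_objects", []),
                                 detection.get("required_fields", [])))


# Constructed sample detections (hypothetical, not taken from the project).
BAD_DETECTION = {
    "name": "Suspicious Process Example",
    "search": ("| tstats summariesonly=t count min(_time) as firstTime max(_time) as lastTime "
               "from datamodel=Endpoint.Processes where Processes.process_name=cmd.exe "
               "by Processes.dest Processes.user Processes.process_name "
               "| `drop_dm_object_name(Processes)` "
               "| table firstTime lastTime dest user process_name src_ip "
               "| `suspicious_process_example_filter`"),
    "risk_objects": ["dest", "user", "src"],  # 'src' is never emitted; only 'src_ip' is
    "required_fields": ["_time", "Processes.dest", "Processes.user"],
}

GOOD_DETECTION = {
    "name": "Suspicious Process Example",
    "search": ("| tstats `summariesonly` count min(_time) as firstTime max(_time) as lastTime "
               "from datamodel=Endpoint.Processes where Processes.process_name=cmd.exe "
               "by Processes.dest Processes.user Processes.process_name "
               "| `drop_dm_object_name(Processes)` "
               "| table firstTime lastTime dest user process_name src_ip "
               "| `suspicious_process_example_filter`"),
    "risk_objects": ["dest", "user"],
    "required_fields": ["_time", "Processes.dest", "Processes.user"],
}

if __name__ == "__main__":
    for detection in (BAD_DETECTION, GOOD_DETECTION):
        for finding in lint_detection(detection) or ["OK"]:
            print(f"{detection['name']}: {finding}")
```

Splitting on `|` is deliberately naive: a `|` inside a subsearch or a quoted string would split the wrong stage, so a production check should use a proper SPL tokeniser or the pipeline structure contentctl already has. The field comparison, however, does what the issue asks: because tokens are matched whole, a risk object named `src` is reported missing when the search only emits `src_ip`.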