I have a question about finding all the fields in the detections, such as eventId, Image, and CommandLine. I need to convert the rule to OCSF type, which also requires fields like class_name, class_uid, etc., in categories such as security finding and identity management. So, my main question is where to find those fields. Are the fields mentioned inside detection fields the same for all rules, or are the fields customizable? Reference to OCSF: https://schema.ocsf.io/1.0.0/ Note: I asked the same in pySigma Q&A
Answered in SigmaHQ/pySigma#183 Just to add. Sigma is a format abstraction and it doesn't have its own fields for the detection section. The accepted fields are the ones available from the log itself.
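Since the detection field names come from the log source rather than from Sigma itself, an OCSF conversion needs a per-logsource field map. The following added example (not code from pySigma or from this discussion) renames the fields in a constructed Windows process-creation rule to OCSF attribute paths and reports any field the map does not cover; the mapping table and the OCSF paths in it are assumptions for illustration and should be checked against https://schema.ocsf.io/1.0.0/ before use.

```python
from typing import Any

# Assumed mapping of Sysmon/process-creation field names to OCSF attribute
# paths, keyed by Sigma (product, category). Other logsources need their own.
FIELD_MAPS: dict[tuple[str, str], dict[str, str]] = {
    ("windows", "process_creation"): {
        "EventID": "metadata.event_code",
        "Image": "process.file.path",
        "CommandLine": "process.cmd_line",
        "ParentImage": "actor.process.file.path",
        "User": "actor.user.name",
    },
}

# Constructed sample rule (not a SigmaHQ rule); OriginalFileName is left out
# of the map on purpose to show how unmapped fields are surfaced.
EXAMPLE_RULE: dict[str, Any] = {
    "title": "Constructed example rule",
    "logsource": {"product": "windows", "category": "process_creation"},
    "detection": {
        "selection": {
            "EventID": 1,
            "Image|endswith": "\\example.exe",
            "CommandLine|contains": "--flag",
            "OriginalFileName": "example.exe",
        },
        "condition": "selection",
    },
}


def _split_field(key: str) -> tuple[str, str]:
    # Sigma keys look like "CommandLine|contains"; modifiers stay attached.
    name, sep, mods = key.partition("|")
    return name, sep + mods


def map_detection(rule: dict[str, Any]) -> tuple[dict[str, Any], list[str]]:
    """Return the detection section with OCSF field names plus unmapped names."""
    ls = rule.get("logsource", {})
    fmap = FIELD_MAPS.get((ls.get("product"), ls.get("category")), {})
    mapped: dict[str, Any] = {}
    unmapped: list[str] = []
    for sel_name, sel in rule["detection"].items():
        if not isinstance(sel, dict):  # e.g. the condition string
            mapped[sel_name] = sel
            continue
        new_sel: dict[str, Any] = {}
        for key, value in sel.items():
            name, mods = _split_field(key)
            if name in fmap:
                new_sel[fmap[name] + mods] = value
            else:
                unmapped.append(name)
                new_sel[key] = value  # keep original so nothing is lost silently
        mapped[sel_name] = new_sel
    return mapped, unmapped
```

A real converter would also attach the OCSF class metadata (class_uid, class_name) chosen for the logsource, which is a separate per-logsource decision from the field renaming shown here.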