Data Needed

mrblacyk edited this page Apr 24, 2020 · 2 revisions

JSON structure

{
    "title": "Data Needed #0001",
    "description": "Description of data needed",
    "loggingpolicy": ["Logging Policy #0001"],
    "references": ["https://github.com/atc-project/"],
    "category": "OS Logs",
    "platform": "Windows",
    "type": "Windows Log",
    "channel": "Security",
    "provider": "Microsoft-Windows-Security-Auditing",
    "fields": ["EventID", "Hostname"],
    "sample": "<Event xmlns=\"http://schemas.microsoft.com/win/2004/08/events/event\">\n(..)\n  </Event>"
}

ATC Data Needed yaml file

title: Data Needed #0001
description: >
  Description of data needed
loggingpolicy:
  - Logging Policy #0001
references:
  - https://github.com/atc-project/
category: OS Logs
platform: Windows
type: Windows Log
channel: Security
provider: Microsoft-Windows-Security-Auditing
fields:
  - EventID
  - Hostname
sample: |
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    (..)
  </Event>
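
As an added example (not code from this page or from the ATC project), a validator for a Data Needed record before it is inserted: it parses the JSON form shown above, checks the documented keys and the type each carries, and flags unknown keys, which are the usual symptom of a typo in a field name. The key list is taken from the structure on this page; the requirement that every listed key be present and non-empty, and that references be URLs, are assumptions made here.

```python
import json

# Constructed input: the JSON structure from this page, as the API would
# receive it (the event sample is abbreviated exactly as on the page).
SAMPLE_JSON = """{
    "title": "Data Needed #0001",
    "description": "Description of data needed",
    "loggingpolicy": ["Logging Policy #0001"],
    "references": ["https://github.com/atc-project/"],
    "category": "OS Logs",
    "platform": "Windows",
    "type": "Windows Log",
    "channel": "Security",
    "provider": "Microsoft-Windows-Security-Auditing",
    "fields": ["EventID", "Hostname"],
    "sample": "<Event xmlns=\\"http://schemas.microsoft.com/win/2004/08/events/event\\">\\n(..)\\n  </Event>"
}"""

# Keys of a Data Needed record as documented on this page, split by the
# value type they carry after parsing.
STRING_KEYS = ("title", "description", "category", "platform", "type",
               "channel", "provider", "sample")
LIST_KEYS = ("loggingpolicy", "references", "fields")


def validate_data_needed(dn):
    """Return a list of problems with a parsed record; [] means it is acceptable.

    Assumption: every documented key is required and must be non-empty.
    """
    if not isinstance(dn, dict):
        return ["record is not a mapping"]
    problems = []
    for key in STRING_KEYS:
        value = dn.get(key)
        if not isinstance(value, str) or not value.strip():
            problems.append(f"{key}: missing or not a non-empty string")
    for key in LIST_KEYS:
        value = dn.get(key)
        if not isinstance(value, list) or not value:
            problems.append(f"{key}: missing or not a non-empty list")
        elif not all(isinstance(item, str) and item.strip() for item in value):
            problems.append(f"{key}: every entry must be a non-empty string")
    # A misspelled key (e.g. "chanel") would otherwise be stored or dropped
    # silently while the intended field goes missing.
    for key in sorted(set(dn) - set(STRING_KEYS) - set(LIST_KEYS)):
        problems.append(f"{key}: unknown key")
    # References are URLs on this page; anything else is most likely a typo
    # (assumption: the API does not enforce this itself).
    refs = dn.get("references")
    if isinstance(refs, list):
        for ref in refs:
            if isinstance(ref, str) and not ref.startswith(("http://", "https://")):
                problems.append(f"references: not a URL: {ref}")
    return problems


def load_and_validate(text):
    """Parse a JSON Data Needed document and validate it: (record, problems)."""
    try:
        dn = json.loads(text)
    except json.JSONDecodeError as exc:
        return None, [f"invalid JSON: {exc}"]
    return dn, validate_data_needed(dn)


if __name__ == "__main__":
    record, problems = load_and_validate(SAMPLE_JSON)
    print("OK" if not problems else "\n".join(problems))
```

The same validate_data_needed() call works on the dictionary that yaml.safe_load() returns for the yaml form of the file, since both forms parse to the same keys and value types.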

Python snippet for inserting data

import yaml
import requests

path_to_dn = "DN0001.yml"

# Parse the Data Needed yaml file; safe_load refuses the arbitrary-object
# tags that a crafted yaml document could otherwise carry.
with open(path_to_dn, 'r') as stream:
    dn = yaml.safe_load(stream)

# POST the parsed document as JSON to the Data Needed endpoint, using HTTP
# basic auth (admin/admin is a placeholder; use the real credentials).
r = requests.post(
    'http://127.0.0.1:8000/api/v1/atc/dataneeded/',
    json=dn,
    auth=('admin', 'admin')
)
r.raise_for_status()  # fail loudly on a 4xx/5xx instead of ignoring it

Filters

There are two types of filters, exact match (the _exact suffix) and substring match (the _contains suffix), one of each for every filterable field. Here is the list of valid filters:

Contains

  • loggingpolicy_contains
  • title_contains
  • category_contains
  • channel_contains
  • platform_contains
  • provider_contains
  • fields_contains

Exact

  • loggingpolicy_exact
  • title_exact
  • category_exact
  • channel_exact
  • platform_exact
  • provider_exact
  • fields_exact
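
As an added example (not code from this page or from the ATC project), a small client-side helper for these filters: it builds the query URL, rejects filter names that are not on the list above, and applies the same filters to in-memory records so that a query can be checked locally before it is sent. It assumes the filters are passed as query-string parameters with exactly the names listed; the match semantics in the docstrings (case-sensitive substring, any-entry match for list-valued fields, AND across filters) are assumptions too, since the page does not spell them out. The records are constructed for this example.

```python
from urllib.parse import urlencode

# Base URL of the Data Needed endpoint, taken from the insert snippet above.
API_URL = "http://127.0.0.1:8000/api/v1/atc/dataneeded/"

# The filterable fields listed on this page; each has a _contains and an
# _exact variant.
FILTER_FIELDS = ("loggingpolicy", "title", "category", "channel",
                 "platform", "provider", "fields")
VALID_FILTERS = frozenset(f"{field}_{op}"
                          for field in FILTER_FIELDS
                          for op in ("contains", "exact"))

# Constructed records shaped like the structure on this page (the Sysmon and
# auditd entries are made up for this example).
RECORDS = [
    {"title": "Data Needed #0001", "category": "OS Logs", "platform": "Windows",
     "channel": "Security", "provider": "Microsoft-Windows-Security-Auditing",
     "loggingpolicy": ["Logging Policy #0001"], "fields": ["EventID", "Hostname"]},
    {"title": "Data Needed #0002", "category": "OS Logs", "platform": "Windows",
     "channel": "Microsoft-Windows-Sysmon/Operational",
     "provider": "Microsoft-Windows-Sysmon",
     "loggingpolicy": ["Logging Policy #0002"],
     "fields": ["EventID", "Image", "CommandLine"]},
    {"title": "Data Needed #0003", "category": "OS Logs", "platform": "Linux",
     "channel": "auditd", "provider": "auditd",
     "loggingpolicy": ["Logging Policy #0003"], "fields": ["type", "exe"]},
]


def unknown_filters(**filters):
    """Names in `filters` that are not on the page's list of valid filters."""
    return sorted(set(filters) - VALID_FILTERS)


def build_filter_url(base_url, **filters):
    """Assemble a GET URL with the filters as query-string parameters.

    Unknown names raise: a misspelled filter (e.g. chanel_exact) would
    otherwise be sent anyway and, if the server ignores it, the reply
    would be the unfiltered list.
    """
    bad = unknown_filters(**filters)
    if bad:
        raise ValueError(f"unknown filter(s): {', '.join(bad)}")
    return f"{base_url}?{urlencode(sorted(filters.items()))}"


def _values(record, field):
    """Field values as a list; list-valued fields (loggingpolicy, fields) as is."""
    value = record.get(field, [])
    return value if isinstance(value, list) else [value]


def matches(record, **filters):
    """Apply the filters to one in-memory record.

    Assumed semantics: _exact compares the whole value, _contains is a
    case-sensitive substring test, a list-valued field matches if any entry
    matches, and all given filters must hold (AND).
    """
    bad = unknown_filters(**filters)
    if bad:
        raise ValueError(f"unknown filter(s): {', '.join(bad)}")
    for name, wanted in filters.items():
        field, op = name.rsplit("_", 1)
        values = _values(record, field)
        if op == "exact":
            hit = any(value == wanted for value in values)
        else:
            hit = any(wanted in value for value in values)
        if not hit:
            return False
    return True


def filter_records(records, **filters):
    """Titles of the records matching all given filters, in input order."""
    return [r["title"] for r in records if matches(r, **filters)]


if __name__ == "__main__":
    print(build_filter_url(API_URL, platform_exact="Windows", fields_contains="Event"))
    print(filter_records(RECORDS, platform_exact="Windows", fields_contains="Event"))
```

Run the local matcher against a handful of known records first; if it returns the set you expect and the server returns something else, the difference is in the server's filter semantics (for example case handling), not in your query.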