{
"caption": "Analytic",
"name": "analytic",
"description": "The Analytic object contains details about the analytic technique used to analyze and derive insights from the data or information that led to the creation of a finding or conclusion.",
"extends": "_entity",
"attributes": {
"category": {
"description": "The analytic category.",
"requirement": "optional"
},
"desc": {
"description": "The description of the analytic that generated the finding.",
"requirement": "optional"
},
"name": {
"description": "The name of the analytic that generated the finding."
},
"related_analytics": {
"@deprecated": {
"message": "Related Analytics has been decoupled from this object, instead use <code>finding_info.related_analytics</code>.",
"since": "1.0.0"
},
"description": "Other analytics related to this analytic.",
"requirement": "optional"
},
"type": {
"description": "The analytic type.",
"requirement": "optional"
},
"type_id": {
"description": "The analytic type ID.",
"requirement": "required",
"enum": {
"0": {
"caption": "Unknown"
},
"1": {
"caption": "Rule",
"description": "A Rule in security analytics refers to predefined criteria or conditions set to monitor, alert, or enforce policies, playing a crucial role in access control, threat detection, and regulatory compliance across security systems."
},
"2": {
"caption": "Behavioral",
"description": "Behavioral analytics focus on monitoring and analyzing user or system actions to identify deviations from established patterns, aiding in the detection of insider threats, fraud, and advanced persistent threats (APTs)."
},
"3": {
"caption": "Statistical",
"description": "Statistical analytics pertains to analyzing data patterns and anomalies using statistical models to predict, detect, and respond to potential threats, enhancing overall security posture through informed decision-making."
},
"4": {
"caption": "Learning (ML/DL)",
"description": "Learning (ML/DL) encompasses techniques that can \"learn\" from known data to create analytics that generalize to new data. There may be a statistical component to these techniques, but it is not a requirement."
},
"5": {
"caption": "Fingerprinting",
"description": "Fingerprinting is the technique of collecting detailed system data, including software versions and configurations, to enhance threat detection, data loss prevention (DLP), and endpoint detection and response (EDR) capabilities."
},
"6": {
"caption": "Tagging",
"description": "Tagging refers to the practice of assigning labels or identifiers to data, users, assets, or activities to monitor, control access, and facilitate incident response across various security domains such as DLP and EDR."
},
"7": {
"caption": "Keyword Match",
"description": "Keyword Match involves scanning content for specific terms to identify sensitive information, potential threats, or policy violations, aiding in DLP and compliance monitoring."
},
"8": {
"caption": "Regular Expressions",
"description": "Regular Expressions are used to define complex search patterns for identifying, validating, and extracting specific data sets or threats within digital content, enhancing DLP, EDR, and threat detection mechanisms."
},
"9": {
"caption": "Exact Data Match",
"description": "Exact Data Match is a precise comparison technique used to detect the unauthorized use or exposure of specific, sensitive information, crucial for enforcing DLP policies and protecting against data breaches."
},
"10": {
"caption": "Partial Data Match",
"description": "Partial Data Match involves identifying instances where segments of sensitive information or patterns match, facilitating nuanced DLP and threat detection without requiring complete data conformity."
},
"11": {
"caption": "Indexed Data Match",
"description": "Indexed Data Match refers to comparing content against a pre-compiled index of sensitive information to efficiently detect and prevent unauthorized access or breaches, streamlining DLP and compliance efforts."
},
"99": {
"caption": "Other"
}
}
},
"uid": {
"description": "The unique identifier of the analytic that generated the finding."
},
"version": {
"description": "The analytic version. For example: <code>1.1</code>.",
"requirement": "optional"
}
}
}