Added the security_control profile, removed the malware attribute (contained in security_control) and updated the class description to clarify how attacks should be duplicated.

Signed-off-by: Paul Agbabian <[email protected]>
pagbabian-splunk committed Jan 2, 2024
1 parent 2d76d3b commit 45e2960
Showing 1 changed file with 7 additions and 5 deletions.
12 changes: 7 additions & 5 deletions events/findings/detection_finding.json
Expand Up @@ -2,10 +2,16 @@
"uid": 4,
"caption": "Detection Finding",
"category": "findings",
"description": "A Detection Finding describes detections or alerts generated by security products using correlation engines, detection engines or other methodologies.",
"description": "A Detection Finding describes detections or alerts generated by security products using correlation engines, detection engines or other methodologies. Note: if the product is a security control, the <code>security_control</code> profile should be applied and its <code>attacks</code> information should be duplicated into the <code>finding_info</code> object.",
"extends": "finding",
"name": "detection_finding",
"profiles": [
"security_control"
],
"attributes": {
"$include": [
"profiles/security_control.json"
],
"evidences": {
"group": "primary",
"requirement": "recommended"
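Review bot: the new description says the `security_control` profile "should be applied" only "if the product is a security control", yet the same hunk unconditionally pulls the profile's attributes into the class via `"$include": ["profiles/security_control.json"]`, and also lists it under `"profiles"`. Please make the description match the mechanism: either state that the profile's attributes are always part of `detection_finding` and only the `attacks` duplication into `finding_info` is conditional, or drop the conditional wording. Also confirm that declaring the profile both in `"profiles"` and through `$include` is how other classes in this repository do it; if the schema compiler already derives attributes from `"profiles"`, one of the two declarations is redundant.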
Expand All @@ -22,10 +28,6 @@
"group": "context",
"requirement": "optional"
},
"malware": {
"group": "context",
"requirement": "optional"
},
"remediation": {
"group": "context",
"requirement": "optional"
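Review bot: removing the `malware` attribute (group `context`, requirement `optional`) is only non-breaking for existing producers if the `security_control` profile exposes `malware` at the same path with the same group and requirement; the commit message asserts it is "contained in security_control", but nothing in this diff shows that. Please confirm the profile's definition matches and note the move in the class changelog so consumers validating `detection_finding` events know where the attribute now comes from.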
