
Taxonomy

Open Atanon opened this issue 3 years ago • 3 comments

Where should we add taxonomy information to write a taxonomy rule?

Atanon, Jun 04 '21 09:06

Hi,

A Taxonomy Rule is written the same way as a Plugin Rule; the only difference is its identifier.

To make a Taxonomy Rule, you can specify your rule type as `TaxonomyRule` and use the `product`, `category`, and optionally `subcategory` fields as the identifier instead of `plugin_id` and `plugin_sid`. You can read more about it in this documentation.

rkspx, Jun 12 '21 23:06

Thank you for the information. Where should I create the Product, Category and Subcategory information? Should we write the file containing this information under the internal/pkg/ossincnv folder?

Atanon, Jun 13 '21 14:06

You just write it as part of the directive. Here's an example of a taxonomy rule: https://github.com/defenxor/dsiem/blob/a51a6c0b601af1c99714ccc2502d892371fa3ab3/internal/pkg/dsiem/siem/fixtures/directive1/directives_dsiem-backend-0_testing1.json#L108-L123

mmta, Jun 16 '21 18:06
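
As an added illustration (not part of the thread and not Dsiem's own code), this Python check confirms that each rule in a directive file carries the identifier fields matching its type, as the replies above describe. The sample directive, its values, and the surrounding layout (`directives`, `rules`, `stage`, `name`) are constructed assumptions; the linked fixture shows the project's actual format.

```python
import json

# Identifier fields per rule type, as described in the thread (subcategory is optional).
REQUIRED = {
    "PluginRule": ("plugin_id", "plugin_sid"),
    "TaxonomyRule": ("product", "category"),
}

# Constructed sample: layout and values are assumptions for illustration,
# not copied from the Dsiem repository.
SAMPLE = """
{"directives": [{"id": 1, "name": "constructed example", "rules": [
  {"name": "stage 1", "stage": 1, "type": "PluginRule",
   "plugin_id": 1001, "plugin_sid": [50001]},
  {"name": "stage 2", "stage": 2, "type": "TaxonomyRule",
   "product": ["Firewall"], "category": "Packet Dropped"},
  {"name": "stage 3", "stage": 3, "type": "TaxonomyRule",
   "plugin_id": 1001, "plugin_sid": [50001]}
]}]}
"""

def check_rule_identifiers(doc):
    """Return (directive id, rule stage, problem) tuples for mis-identified rules."""
    problems = []
    for d in doc.get("directives", []):
        for r in d.get("rules", []):
            rtype = r.get("type")
            where = (d.get("id"), r.get("stage"))
            if rtype not in REQUIRED:
                problems.append((*where, f"unknown rule type {rtype!r}"))
                continue
            missing = [f for f in REQUIRED[rtype] if not r.get(f)]
            if missing:
                problems.append((*where, f"{rtype} missing {', '.join(missing)}"))
            # Identifier fields of the other rule type are flagged as a likely mistake.
            others = {f for t, fs in REQUIRED.items() if t != rtype for f in fs}
            stray = sorted(f for f in others if f in r)
            if stray:
                problems.append((*where, f"{rtype} has stray {', '.join(stray)}"))
    return problems

if __name__ == "__main__":
    for problem in check_rule_identifiers(json.loads(SAMPLE)):
        print(problem)
```

Stage 3 in the sample is declared as a `TaxonomyRule` but still identified by `plugin_id`/`plugin_sid`, which is the mix-up the question in this issue risks producing.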