open-telemetry
/
semantic-conventions
mirror of https://github.com/open-telemetry/semantic-conventions.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
semantic-conventions/model/security-rule/registry.yaml

61 lines
2.5 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

groups:
- id: registry.security_rule
display_name: Security Rule
type: attribute_group
brief: >
Describes security rule attributes. Rule fields are used to capture the specifics of any observer or agent rules
that generate alerts or other notable events.
attributes:
- id: security_rule.category
type: string
stability: development
brief: >
A categorization value keyword used by the entity using the rule for detection of this event
examples: ['Attempted Information Leak']
- id: security_rule.description
type: string
stability: development
brief: >
The description of the rule generating the event.
examples: ['Block requests to public DNS over HTTPS / TLS protocols']
- id: security_rule.license
type: string
stability: development
brief: >
Name of the license under which the rule used to generate this event is made available.
examples: ['Apache 2.0']
- id: security_rule.name
type: string
stability: development
brief: >
The name of the rule or signature generating the event.
examples: ['BLOCK_DNS_over_TLS']
- id: security_rule.reference
type: string
stability: development
brief: >
Reference URL to additional information about the rule used to generate this event.
note: >
The URL can point to the vendors documentation about the rule.
If thats not available, it can also be a link to a more general page describing this type of alert.
examples: ['https://en.wikipedia.org/wiki/DNS_over_TLS']
- id: security_rule.ruleset.name
type: string
stability: development
brief: >
Name of the ruleset, policy, group, or parent category in which the rule used to generate this event is a member.
examples: ['Standard_Protocol_Filters']
- id: security_rule.uuid
type: string
stability: development
brief: >
A rule ID that is unique within the scope of a set or group of agents, observers, or other entities
using the rule for detection of this event.
examples: ['550e8400-e29b-41d4-a716-446655440000', '1100110011']
- id: security_rule.version
type: string
stability: development
brief: >
The version / revision of the rule being used for analysis.
examples: ['1.0.0']
Reference in New Issue View Git Blame Copy Permalink