Modeling rules for fireeye audit logs #26575

Merged
merged 23 commits into from May 30, 2023


@yasta5 yasta5 commented May 17, 2023

Contributing to Cortex XSOAR Content

Make sure to register your contribution by filling the contribution registration form

The Pull Request will be reviewed only after the contribution registration form is filled.

Status

  • In Progress
  • Ready
  • In Hold - (Reason for hold)

Related Issues

fixes: https://jira-hq.paloaltonetworks.local/browse/CIAC-6502

Does it break backward compatibility?

  • Yes
    • Further details:
  • No

Packs/FireEyeHX/README.md (outdated)

## Configuration on Server Side
### Raw syslog audit messages
In order to configure FireEye HX to send syslog audit logs, refer to FireEye HX "Endpoint Security Server System Administration Guide" (**Configuring a Syslog Server Using the CLI**).
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I preferred not to, because it is specific for the version of the product.

Packs/FireEyeHX/README.md (outdated)
Packs/FireEyeHX/ReleaseNotes/2_3_7.md (outdated)
@ShirleyDenkberg

@yasta5 Doc review completed.
FYI: I am not a reviewer and cannot approve these changes.

@yasta5 yasta5 requested a review from evisochek May 29, 2023 09:09
@evisochek evisochek requested a review from DeanArbel May 29, 2023 13:38
@yasta5 yasta5 merged commit b54dfed into master May 30, 2023
12 of 14 checks passed
@yasta5 yasta5 deleted the Fireeye_hx_modeling_rules branch May 30, 2023 17:35