Compliance with DRL 1.1 #1
Comments
Hi @Neo23x0 Thanks for raising this issue. I must have misunderstood the DRL as my interpretation was that as long as the sigma rule base remained unmodified, referenced and linked then showing the matching detections was okay without explicitly naming the author for each detection. My thought process for how the analyst workflow would work was:
The author information would be visible in the "Read Detection Logic" step when the analyst goes to the specific Sigma rule. Regardless, I'm more than happy to add support for your requirements. I've opened PR #5 which adds
As long as you're happy that this satisfied the conditions of the DRL then I'll merge the PR.
This has been added to master with #11. It will be live in the next release.
First of all, great tool 👍
Would it be possible to display the rule author somewhere whenever a rule matches on an eventlog entry to comply with the Detection Rule License?
Maybe in brackets behind the rule title in the column detection_rules?
https://github.com/SigmaHQ/sigma/blob/master/LICENSE.Detection.Rules.md
I guess this would be the right location:
https://github.com/countercept/chainsaw/blob/0a4b0f22427985a6cd0af1b1fd559933e5adf6f7/src/hunt/modules.rs#L50