Merge pull request #154 from godoppl/master

Removed duplicate help description
pull/160/head
Alexandre Dulaunoy 2019-04-29 21:31:07 +02:00 committed by GitHub
commit 3d0e01b431
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 0 additions and 1 deletions

@ -49,7 +49,6 @@ Keep in mind that the system searches for regular expressions in the value field
* **Category:** This drop-down menu explains the category of the attribute, meaning what aspect of the malware this attribute is describing. This could mean the persistence mechanisms of the malware or network activity, etc. For a list of valid categories, [click here](../categories-and-types)
* **Type:** Whilst categories determine what aspect of an event they are describing, the Type explains by what means that aspect is being described. As an example, the source IP address of an attack, a source e-mail address or a file sent through an attachment can all describe the payload delivery of a malware. These would be the types of attributes with the category of payload deliver. For an explanation of what each of the types looks like together with the valid combinations of categories and types, [click here](../categories-and-types)
* **Distribution:** This drop-down list allows you to control who will be able to see this attribute. The distribution is inherited by attributes: the most restrictive setting wins. For more info, read the distribution information in the creating an event section - [click here](#creating-an-event)
* **Contextual Comment:** Add a comment to the attribute. This will not be used for correlation.
* **Value:** The actual value of the attribute, enter data about the value based on what is valid for the chosen attribute type. For example, for an attribute of type ip-src (source IP address), 11.11.11.11 would be a valid value. For more information on types and values, [click here](../categories-and-types)
* **Contextual Comment:** You can add some comments to the attribute that will not be used for correlation but instead serves as purely an informational field.
* **For Intrusion Detection System:** This option allows the attribute to be used as an IDS signature when exporting the NIDS data, unless it is being overruled by the white-list. For more information about the white-list, head over to the [administration](#administration) section. If the IDS flag is not set, the attribute is considered as contextual information and not to be used for automatic detection.
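
Review bot: The two **Contextual Comment** bullets in this hunk are not the same text and not in the same position: one sits between Distribution and Value and reads "Add a comment to the attribute. This will not be used for correlation.", the other sits between Value and For Intrusion Detection System and has the longer wording. The single deletion should therefore keep the bullet whose position matches the field order in the form being documented. The rendering here does not show which of the two was dropped. If the longer bullet is the survivor, fix its agreement error in the same change ("comments ... that will not be used for correlation but instead serves" should read "serve"), or fold the shorter wording into it so nothing is lost. As a follow-up on the untouched context lines, "the category of payload deliver" in the Type bullet should read "payload delivery".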