fix: Remove extra comma

pull/128/head
Raphaël Vinot 2018-12-11 15:53:00 +01:00
parent c7ddf850dd
commit 7ccf92a9be
1 changed files with 41 additions and 41 deletions

View File

@ -4,45 +4,45 @@
"description": "The Use Case Applicability categories reflect standard resolution categories, to clearly display alerting rule configuration problems.", "description": "The Use Case Applicability categories reflect standard resolution categories, to clearly display alerting rule configuration problems.",
"version": 1, "version": 1,
"predicates": [ "predicates": [
{ {
"value": "announced-administrative/user-action", "value": "announced-administrative/user-action",
"expanded": "Announced administrative/user action", "expanded": "Announced administrative/user action",
"description": "The process to communicate administrative activities or special user actions was in place and working correctly. Internal sensors are working and detecting privileged or irregular administrative behaviour." "description": "The process to communicate administrative activities or special user actions was in place and working correctly. Internal sensors are working and detecting privileged or irregular administrative behaviour."
}, },
{ {
"value": "unannounced-administrative/user-action", "value": "unannounced-administrative/user-action",
"expanded": "Unannounced administrative/user action", "expanded": "Unannounced administrative/user action",
"description": "Internal sensors have detected privileged or user activity, which was not previously communicated. This category also includes improper usage." "description": "Internal sensors have detected privileged or user activity, which was not previously communicated. This category also includes improper usage."
}, },
{ {
"value": "log-management-rule-configuration-error", "value": "log-management-rule-configuration-error",
"expanded": "Log management rule configuration error", "expanded": "Log management rule configuration error",
"description": "This category reflects false alerts that were raised due to configuration errors in the central log management system, often a SIEM, rule." "description": "This category reflects false alerts that were raised due to configuration errors in the central log management system, often a SIEM, rule."
}, },
{ {
"value": "detection-device/rule-configuration-error", "value": "detection-device/rule-configuration-error",
"expanded": "Detection device/rule configuration error", "expanded": "Detection device/rule configuration error",
"description": "This category reflects rules on detection devices, which are usually passive or active components of network security." "description": "This category reflects rules on detection devices, which are usually passive or active components of network security."
}, },
{ {
"value": "bad-IOC/rule-pattern-value", "value": "bad-IOC/rule-pattern-value",
"expanded": "Bad IOC/rule pattern value", "expanded": "Bad IOC/rule pattern value",
"description": "Products often require external indicator information or security feeds to be applied on active or passive infrastructure components to create alerts." "description": "Products often require external indicator information or security feeds to be applied on active or passive infrastructure components to create alerts."
}, },
{ {
"value": "test-alert", "value": "test-alert",
"expanded": "Test alert", "expanded": "Test alert",
"description": "This alert reflects alerts created for testing purposes. " "description": "This alert reflects alerts created for testing purposes. "
}, },
{ {
"value": "confirmed-attack-with-IR-actions", "value": "confirmed-attack-with-IR-actions",
"expanded": "Confirmed Attack with IR actions", "expanded": "Confirmed Attack with IR actions",
"description":"This alert represents the classic true positives, where all security controls in place were circumvented, a security control was lacking or a misconfiguration of a security element occurred." "description": "This alert represents the classic true positives, where all security controls in place were circumvented, a security control was lacking or a misconfiguration of a security element occurred."
}, },
{ {
"value": "confirmed-attack-attempt-without-IR-actions", "value": "confirmed-attack-attempt-without-IR-actions",
"expanded": "Confirmed Attack attempt without IR actions", "expanded": "Confirmed Attack attempt without IR actions",
"description":"This category reflects an attempt by a threat actor, which in the end could be prevented by in place security measures but passed security controls associated with the delivery phase of the Cyber Kill Chain." "description": "This category reflects an attempt by a threat actor, which in the end could be prevented by in place security measures but passed security controls associated with the delivery phase of the Cyber Kill Chain."
} }
], ]
} }