Skip to content

Commit

Permalink
Merge branch 'main' into az.ai.openai
Browse files Browse the repository at this point in the history
  • Loading branch information
codefromthecrypt authored Dec 9, 2024
2 parents 1d76c72 + 373a695 commit 78a512b
Show file tree
Hide file tree
Showing 7 changed files with 110 additions and 0 deletions.
22 changes: 22 additions & 0 deletions .chloggen/rule_new.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
# Use this changelog template to create an entry for release notes.
#
# If your change doesn't affect end users you should instead start
# your pull request title with [chore] or use the "Skip Changelog" label.

# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix'
change_type: new_component

# The name of the area of concern in the attributes-registry, (e.g. http, cloud, db)
component: security-rule

# A brief description of the change. Surround your text with quotes ("") if it needs to start with a backtick (`).
note: Introducing a new security rule namespace

# Mandatory: One or more tracking issues related to the change. You can use the PR number here if no issue exists.
# The values here must be integers.
issues: [903]

# (Optional) One or more lines of additional information to render under the primary note.
# These lines will be padded with 2 spaces and then inserted directly into the document.
# Use pipe (|) for multiline entries.
subtext:
1 change: 1 addition & 0 deletions .github/ISSUE_TEMPLATE/bug_report.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -71,6 +71,7 @@ body:
- area:process
- area:profile
- area:rpc
- area:security-rule
- area:server
- area:service
- area:session
Expand Down
1 change: 1 addition & 0 deletions .github/ISSUE_TEMPLATE/change_proposal.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -63,6 +63,7 @@ body:
- area:process
- area:profile
- area:rpc
- area:security-rule
- area:server
- area:service
- area:session
Expand Down
1 change: 1 addition & 0 deletions .github/ISSUE_TEMPLATE/new-conventions.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -72,6 +72,7 @@ body:
- area:process
- area:profile
- area:rpc
- area:security-rule
- area:server
- area:service
- area:session
Expand Down
1 change: 1 addition & 0 deletions docs/attributes-registry/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -84,6 +84,7 @@ Currently, the following namespaces exist:
- [Process](process.md)
- [Profile](profile.md)
- [RPC](rpc.md)
- [Security Rule](security-rule.md)
- [Server](server.md)
- [Service](service.md)
- [Session](session.md)
Expand Down
24 changes: 24 additions & 0 deletions docs/attributes-registry/security-rule.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
<!--- Hugo front matter used to generate the website version of this page:
--->

<!-- NOTE: THIS FILE IS AUTOGENERATED. DO NOT EDIT BY HAND. -->
<!-- see templates/registry/markdown/attribute_namespace.md.j2 -->

# Security Rule

## Security Rule

Describes security rule attributes. Rule fields are used to capture the specifics of any observer or agent rules that generate alerts or other notable events.

| Attribute | Type | Description | Examples | Stability |
|---|---|---|---|---|
| <a id="security-rule-category" href="#security-rule-category">`security_rule.category`</a> | string | A categorization value keyword used by the entity using the rule for detection of this event | `Attempted Information Leak` | ![Experimental](https://img.shields.io/badge/-experimental-blue) |
| <a id="security-rule-description" href="#security-rule-description">`security_rule.description`</a> | string | The description of the rule generating the event. | `Block requests to public DNS over HTTPS / TLS protocols` | ![Experimental](https://img.shields.io/badge/-experimental-blue) |
| <a id="security-rule-license" href="#security-rule-license">`security_rule.license`</a> | string | Name of the license under which the rule used to generate this event is made available. | `Apache 2.0` | ![Experimental](https://img.shields.io/badge/-experimental-blue) |
| <a id="security-rule-name" href="#security-rule-name">`security_rule.name`</a> | string | The name of the rule or signature generating the event. | `BLOCK_DNS_over_TLS` | ![Experimental](https://img.shields.io/badge/-experimental-blue) |
| <a id="security-rule-reference" href="#security-rule-reference">`security_rule.reference`</a> | string | Reference URL to additional information about the rule used to generate this event. [1] | `https://en.wikipedia.org/wiki/DNS_over_TLS` | ![Experimental](https://img.shields.io/badge/-experimental-blue) |
| <a id="security-rule-ruleset-name" href="#security-rule-ruleset-name">`security_rule.ruleset.name`</a> | string | Name of the ruleset, policy, group, or parent category in which the rule used to generate this event is a member. | `Standard_Protocol_Filters` | ![Experimental](https://img.shields.io/badge/-experimental-blue) |
| <a id="security-rule-uuid" href="#security-rule-uuid">`security_rule.uuid`</a> | string | A rule ID that is unique within the scope of a set or group of agents, observers, or other entities using the rule for detection of this event. | `550e8400-e29b-41d4-a716-446655440000`; `1100110011` | ![Experimental](https://img.shields.io/badge/-experimental-blue) |
| <a id="security-rule-version" href="#security-rule-version">`security_rule.version`</a> | string | The version / revision of the rule being used for analysis. | `1.0.0` | ![Experimental](https://img.shields.io/badge/-experimental-blue) |

**[1] `security_rule.reference`:** The URL can point to the vendor’s documentation about the rule. If that’s not available, it can also be a link to a more general page describing this type of alert.
60 changes: 60 additions & 0 deletions model/security-rule/registry.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,60 @@
groups:
- id: registry.security_rule
display_name: Security Rule
type: attribute_group
brief: >
Describes security rule attributes. Rule fields are used to capture the specifics of any observer or agent rules
that generate alerts or other notable events.
attributes:
- id: security_rule.category
type: string
stability: experimental
brief: >
A categorization value keyword used by the entity using the rule for detection of this event
examples: ['Attempted Information Leak']
- id: security_rule.description
type: string
stability: experimental
brief: >
The description of the rule generating the event.
examples: ['Block requests to public DNS over HTTPS / TLS protocols']
- id: security_rule.license
type: string
stability: experimental
brief: >
Name of the license under which the rule used to generate this event is made available.
examples: ['Apache 2.0']
- id: security_rule.name
type: string
stability: experimental
brief: >
The name of the rule or signature generating the event.
examples: ['BLOCK_DNS_over_TLS']
- id: security_rule.reference
type: string
stability: experimental
brief: >
Reference URL to additional information about the rule used to generate this event.
note: >
The URL can point to the vendor’s documentation about the rule.
If that’s not available, it can also be a link to a more general page describing this type of alert.
examples: ['https://en.wikipedia.org/wiki/DNS_over_TLS']
- id: security_rule.ruleset.name
type: string
stability: experimental
brief: >
Name of the ruleset, policy, group, or parent category in which the rule used to generate this event is a member.
examples: ['Standard_Protocol_Filters']
- id: security_rule.uuid
type: string
stability: experimental
brief: >
A rule ID that is unique within the scope of a set or group of agents, observers, or other entities
using the rule for detection of this event.
examples: ['550e8400-e29b-41d4-a716-446655440000', '1100110011']
- id: security_rule.version
type: string
stability: experimental
brief: >
The version / revision of the rule being used for analysis.
examples: ['1.0.0']

0 comments on commit 78a512b

Please sign in to comment.