Add list of rules to the Rule Summary page #175

Closed
YamatoSecurity opened this issue Aug 30, 2024 · 1 comment
Labels: enhancement (New feature or request)

Comments

YamatoSecurity commented Aug 30, 2024

Under the "Dates with most total detections" section, I want to add a list of the rules that were detected, similar to the HTML report that Hayabusa generates.

For example:

Critical Alerts:
| Count | Rule Name | Computers       |
|-------|-----------|-----------------|
| 100   | RuleA     | BASE-WKSTN-05.shieldbase.lan (5) (2018-08-21 ~ 2018-08-31), base-rd-01.shieldbase.lan (2) (2018-08-30 ~ 2018-09-06) |
| 50    | RuleB     | hogehoge            |
| 30    | RuleC     | hogehoge |

High Alerts:
| Count | Rule Name | Computers       |
|-------|-----------|-----------------|
| 100   | RuleA     | BASE-WKSTN-05.shieldbase.lan (5) (2018-08-21 ~ 2018-08-31), base-rd-01.shieldbase.lan (2) (2018-08-30 ~ 2018-09-06) |
| 50    | RuleB     | hogehoge            |
| 30    | RuleC     | hogehoge |

Medium Alerts:
| Count | Rule Name | Computers       |
|-------|-----------|-----------------|
| 100   | RuleA     | BASE-WKSTN-05.shieldbase.lan (5) (2018-08-21 ~ 2018-08-31), base-rd-01.shieldbase.lan (2) (2018-08-30 ~ 2018-09-06) |
| 50    | RuleB     | hogehoge            |
| 30    | RuleC     | hogehoge |

Low Alerts:
| Count | Rule Name | Computers       |
|-------|-----------|-----------------|
| 100   | RuleA     | BASE-WKSTN-05.shieldbase.lan (5) (2018-08-21 ~ 2018-08-31), base-rd-01.shieldbase.lan (2) (2018-08-30 ~ 2018-09-06) |
| 50    | RuleB     | hogehoge            |
| 30    | RuleC     | hogehoge |

Informational Alerts:
| Count | Rule Name | Computers       |
|-------|-----------|-----------------|
| 100   | RuleA     | BASE-WKSTN-05.shieldbase.lan (5) (2018-08-21 ~ 2018-08-31), base-rd-01.shieldbase.lan (2) (2018-08-30 ~ 2018-09-06) |
| 50    | RuleB     | hogehoge            |
| 30    | RuleC     | hogehoge |

The computer names are the same as in the left sidebar, with the total number of alerts and the first and last dates in parentheses.

Also, it would be nice to have a link to the YML Sigma rule for RuleA, RuleB, etc., and links to the Computer pages for ComputerA, etc.

YamatoSecurity added the enhancement (New feature or request) label Aug 30, 2024
YamatoSecurity added this to the v2.7.0 SecTor release milestone Aug 30, 2024
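As a worked illustration of the layout requested above (an added example, not code from this project or from Hayabusa): a short Python script that reads Hayabusa-style JSONL detections and emits one table per severity level, each row carrying the rule's total count, a link to its rule file, and every computer it fired on with that computer's own count and first/last day. The sample records are constructed; the JSONL field names (`Timestamp`, `Computer`, `Level`, `RuleTitle`, `RuleFile`) and the `computers/<host>.html` link layout are assumptions to adjust to the real export and page structure.

```python
import json

# Constructed sample records in the shape of Hayabusa's JSONL output (one JSON object
# per line). The field names Timestamp, Computer, Level, RuleTitle and RuleFile are
# assumptions about the export; adjust them to match your own results file.
SAMPLE_JSONL = """\
{"Timestamp": "2018-08-31 14:02:10.003 +09:00", "Computer": "BASE-WKSTN-05.shieldbase.lan", "Level": "crit", "RuleTitle": "RuleA", "RuleFile": "rules/RuleA.yml"}
{"Timestamp": "2018-08-21 09:15:31.142 +09:00", "Computer": "BASE-WKSTN-05.shieldbase.lan", "Level": "crit", "RuleTitle": "RuleA", "RuleFile": "rules/RuleA.yml"}
{"Timestamp": "2018-08-30 23:59:59.000 +09:00", "Computer": "base-rd-01.shieldbase.lan", "Level": "crit", "RuleTitle": "RuleA", "RuleFile": "rules/RuleA.yml"}
{"Timestamp": "2018-09-06 08:00:00.000 +09:00", "Computer": "base-rd-01.shieldbase.lan", "Level": "crit", "RuleTitle": "RuleB", "RuleFile": "rules/RuleB.yml"}

{"Timestamp": "2018-08-25 12:00:00.000 +09:00", "Computer": "BASE-WKSTN-05.shieldbase.lan", "Level": "high", "RuleTitle": "RuleC", "RuleFile": "rules/RuleC.yml"}
{"Timestamp": "2018-08-25 12:00:05.000 +09:00", "Computer": "BASE-WKSTN-05.shieldbase.lan", "Level": "high", "RuleTitle": "RuleC", "RuleFile": "rules/RuleC.yml"}
{"Timestamp": "2018-08-22 07:30:00.000 +09:00", "Computer": "base-rd-01.shieldbase.lan", "Level": "info", "RuleTitle": "RuleD", "RuleFile": "rules/RuleD.yml"}
"""

# Hayabusa abbreviates levels in its output; map them to the headings the summary uses.
LEVEL_ORDER = ["crit", "high", "med", "low", "info"]
LEVEL_HEADING = {"crit": "Critical", "high": "High", "med": "Medium", "low": "Low", "info": "Informational"}


def summarize(lines):
    """Group detections as level -> rule title -> {count, file, computers}.

    Each computer entry keeps its own hit count plus the first and last day it fired
    on, which is what the sidebar shows in parentheses.
    """
    summary = {}
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue  # tolerate blank lines in the export
        rec = json.loads(raw)
        level = rec["Level"].lower()
        # Timestamps look like "2018-08-21 09:15:31.142 +09:00"; the 10-char prefix is the
        # day, and YYYY-MM-DD strings compare correctly as text. The day is in whatever
        # timezone the export used, so run Hayabusa with a single timezone (e.g. --UTC)
        # when the evtx files came from hosts in different zones.
        day = rec["Timestamp"][:10]
        rule = summary.setdefault(level, {}).setdefault(
            rec["RuleTitle"], {"count": 0, "file": rec.get("RuleFile", ""), "computers": {}}
        )
        rule["count"] += 1
        host = rule["computers"].setdefault(rec["Computer"], {"count": 0, "first": day, "last": day})
        host["count"] += 1
        host["first"] = min(host["first"], day)
        host["last"] = max(host["last"], day)
    return summary


def md_cell(text):
    """Escape '|' so a rule title or hostname taken from event data cannot break the table."""
    return text.replace("|", "\\|")


def _by_count(kv):
    """Sort key: most hits first, then name, for both rule and computer entries."""
    return (-kv[1]["count"], kv[0])


def render_markdown(summary, computer_page="computers/{host}.html"):
    """Render one table per level. computer_page is an assumed URL pattern for the
    per-computer pages; the rule link reuses the RuleFile path from the export."""
    out = []
    for level in LEVEL_ORDER:
        rules = summary.get(level)
        if not rules:
            continue  # skip levels with no detections rather than printing empty tables
        out.append(f"{LEVEL_HEADING[level]} Alerts:")
        out.append("| Count | Rule Name | Computers |")
        out.append("|-------|-----------|-----------|")
        for name, info in sorted(rules.items(), key=_by_count):
            rule_cell = f"[{md_cell(name)}]({info['file']})" if info["file"] else md_cell(name)
            hosts = ", ".join(
                f"[{md_cell(h)}]({computer_page.format(host=h)}) ({c['count']}) ({c['first']} ~ {c['last']})"
                for h, c in sorted(info["computers"].items(), key=_by_count)
            )
            out.append(f"| {info['count']} | {rule_cell} | {hosts} |")
        out.append("")
    return "\n".join(out)


if __name__ == "__main__":
    print(render_markdown(summarize(SAMPLE_JSONL.splitlines())))
```

Two things worth keeping from this sketch when the real feature is built: levels with no detections are omitted instead of rendered as empty tables, and every cell value that originates in event data (the Computer field, and rule titles if they are ever taken from the log rather than the rule file) is escaped before it is placed in the output, since an HTML report that interpolates hostnames verbatim is a stored-XSS vector for anyone who can influence a workstation's name. For an HTML rather than Markdown page the same escaping step should use an HTML escaper.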
YamatoSecurity (Collaborator, Author) commented:

@nishikawaakira Sorry, I updated the description. So basically it will include the same information as the left sidebar, but as a list, so it may be easier to read for some users.

Development

No branches or pull requests

2 participants