run hub linter after generating the index
Hello @blotus and thank you for your contribution!
I'm a bot that helps maintainers to validate scenarios and ensure they include all the required information. I've found some errors in your scenarios, please fix them and re-submit your PR, or ask for help if you need it.
The following items have errors:
crowdsecurity/amavis-blocked:
- Unknown behaviors: mail:malware
Mitre ATT&CK
Information about mitre attack can be found here. As an example, some common mitre attack techniques:
- T1110 for bruteforce attacks
- T1595 and T1190 for exploitation of public vulnerabilities
- T1595 for generic scanning of exposed applications
Expected format is (where XXXX is the technique ID):
labels:
  classification:
    - attack.TXXXX
CVEs
If your scenario covers a specific CVE (Common Vulnerabilities and Exposures), please add it.
Expected format is (where CVE-XXX-XXX is the CVE ID):
labels:
  classification:
    - cve.CVE-XXX-XXX
Behaviors
Please identify the behavior(s) your scenario is targeting. You can find the list of available behaviors here.
Expected format is (where <behavior> is the behavior you want to target):
labels:
  behavior: <behavior>
See the labels documentation for more information.
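A sketch of the kind of label check the comment above describes, added here as an example; it is not the hub linter's own code. The function names, the sample scenarios and the short behavior allow-list are assumptions made for illustration. The real list of behaviors lives in the taxonomy the bot links to.

```python
import re

# Formats taken from the bot comment: attack.TXXXX and cve.CVE-XXX-XXX.
# The optional sub-technique suffix and the CVE digit counts follow the
# public ATT&CK and CVE identifier schemes.
ATTACK_RE = re.compile(r"^attack\.T\d{4}(\.\d{3})?$")
CVE_RE = re.compile(r"^cve\.CVE-\d{4}-\d{4,}$")


def validate_labels(labels, known_behaviors):
    """Return a list of error strings for one scenario's `labels` mapping."""
    errors = []
    classification = labels.get("classification") or []
    if not isinstance(classification, list):
        errors.append("classification must be a list")
        classification = []
    bad = [str(c) for c in classification
           if not (isinstance(c, str)
                   and (ATTACK_RE.match(c) or CVE_RE.match(c)))]
    if bad:
        errors.append("Unknown classification: " + ", ".join(bad))
    behavior = labels.get("behavior")
    if not behavior:
        errors.append("Missing behavior")
    elif behavior not in known_behaviors:
        errors.append("Unknown behaviors: " + str(behavior))
    return errors


def lint(scenarios, known_behaviors):
    """Map scenario name -> errors, keeping only scenarios that fail."""
    report = {}
    for name, labels in scenarios.items():
        errors = validate_labels(labels, known_behaviors)
        if errors:
            report[name] = errors
    return report


# Constructed allow-list and label values, for illustration only.
KNOWN_BEHAVIORS = {"ssh:bruteforce", "http:scan", "http:exploit"}
SAMPLE = {
    "crowdsecurity/amavis-blocked": {
        "classification": ["attack.T1566"],      # constructed value
        "behavior": "mail:malware",              # value reported in this PR
    },
    "example/compliant": {                       # hypothetical scenario
        "classification": ["attack.T1110", "cve.CVE-2099-0001"],
        "behavior": "ssh:bruteforce",
    },
}

if __name__ == "__main__":
    for name, errors in lint(SAMPLE, KNOWN_BEHAVIORS).items():
        print(name + ":")
        for err in errors:
            print("- " + err)
```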
Hello @blotus,
Scenarios/AppSec Rule are compliant with the taxonomy, thank you for your contribution!