Feature/#187 change allowlist regexes filenames (#189)

* add risk level filter arguments #45 * fix default level in help #45 * add test yaml files #45 * refactoring and fix level argument usage. * cargo fmt --all * add risk level filter arguments #45 * fix default level in help #45 * add test yaml files #45 * refactoring and fix level argument usage. * cargo fmt --all * update * change filename * fix regexe and allowlist filename in document #187 Co-authored-by: DustInDark <nextsasasa@gmail.com>
2021-11-12 13:53:09 +09:00
parent 22c8302c4c
commit 7d49b0b521
9 changed files with 18 additions and 18 deletions
--- a/rules/System/7030.yml
+++ b/rules/System/7030.yml
@@ -6,7 +6,7 @@ detection:
        Channel: System
        EventID: 7030
        param1:
-            regexes: ./regexes.txt
+            regexes: ./config/regex/regexes_suspicous_service.txt
    # condition: selection
 falsepositives:
    - unknown
--- a/rules/System/7036.yml
+++ b/rules/System/7036.yml
@@ -6,7 +6,7 @@ detection:
        Channel: System
        EventID: 7036
        param1:
-            regexes: ./regexes.txt
+            regexes: ./config/regex/regexes_suspicous_service.txt
    condition: selection
 falsepositives:
    - unknown
--- a/rules/System/7045.yml
+++ b/rules/System/7045.yml
@@ -6,10 +6,10 @@ detection:
        Channel: System
        EventID: 7045
        ServiceName:
-            regexes: ./regexes.txt
+            regexes: ./config/regex/regexes_suspicous_service.txt
        ImagePath:
            min_length: 1000
-            allowlist: ./allowlist.txt
+            allowlist: ./config/regex/allowlist_legimate_serviceimage.txt
    condition: selection
 falsepositives:
    - unknown