By using a translator like STIX-shifter, or a similar project that already implements the grammar, like stix2patterns, STIX patterns could be translated into an OpenSearch DSL query. This requires a translator and a model, since Wazuh doesn't really have a common schema for alerts.
Adding direct indicator support would be incredibly useful. The current implementation depends on relationships between indicators and observables ("based-on"). These are fortunately often provided, but they only make sense when the indicator pattern is trivial. Additionally, some sources also only provide a STIX pattern, without any references to observables.
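The issue describes the translator-plus-model approach only in prose, so here is an added example (not code from this issue, from Wazuh, or from the project being discussed): a minimal Python translator for a subset of the STIX 2.1 pattern grammar into an OpenSearch bool query. FIELD_MODEL is a hypothetical mapping of STIX object paths to Wazuh alert fields, standing in for the "model" the issue says is missing; a real deployment would derive it from its decoders. Anything beyond simple comparisons joined by AND/OR (FOLLOWEDBY, REPEATS/WITHIN qualifiers, MATCHES/LIKE, parenthesised sub-expressions) is rejected rather than mistranslated; that is the point where a full grammar implementation such as stix2patterns or STIX-shifter would take over.

```python
"""Translate a subset of STIX 2.1 patterns into OpenSearch DSL queries.

Supported: one or more observation expressions `[ ... ]` joined by AND/OR,
each containing comparisons `path = 'v'`, `path != 'v'` or `path IN ('a','b')`
joined by AND/OR. STIX gives AND higher precedence than OR; that is honoured.
Everything else raises ValueError instead of producing a wrong query.
"""
import json
import re

# Hypothetical mapping, not Wazuh's real schema: STIX object path -> the
# alert fields an indicator value should be matched against.
FIELD_MODEL = {
    "ipv4-addr:value": ["data.srcip", "data.dstip"],
    "domain-name:value": ["data.dns.question.name"],
    "url:value": ["data.url"],
    "file:hashes.'SHA-256'": ["syscheck.sha256_after"],
}

OBSERVATION = re.compile(r"\[([^\]]*)\]")
COMPARISON = re.compile(
    r"^(?P<path>[\w-]+:[\w.'-]+)\s*(?P<op>!=|=|IN)\s*(?P<val>'[^']*'|\([^)]*\))$"
)


def _combine(op, clauses):
    """Wrap a list of clauses in the bool query matching the STIX operator."""
    if len(clauses) == 1:
        return clauses[0]
    if op == "AND":
        return {"bool": {"must": clauses}}
    return {"bool": {"should": clauses, "minimum_should_match": 1}}


def _expression_to_dsl(expr, leaf):
    """Split on OR first, then AND (AND binds tighter), translating leaves.
    Caveat: quoted values containing ' AND ' or ' OR ' are not supported."""
    or_groups = []
    for or_part in re.split(r"\s+OR\s+", expr):
        and_parts = re.split(r"\s+AND\s+", or_part)
        or_groups.append(_combine("AND", [leaf(p.strip()) for p in and_parts]))
    return _combine("OR", or_groups)


def _comparison_to_dsl(comp):
    """Translate one comparison using FIELD_MODEL; unmapped paths are errors."""
    m = COMPARISON.match(comp)
    if not m:
        raise ValueError(f"unsupported comparison expression: {comp!r}")
    path, op, raw = m.group("path", "op", "val")
    fields = FIELD_MODEL.get(path)
    if fields is None:
        raise ValueError(f"no alert field mapped for STIX path {path!r}")
    values = re.findall(r"'([^']*)'", raw)
    # A hit on any mapped field satisfies the comparison.
    positive = _combine("OR", [{"terms": {f: values}} for f in fields])
    if op == "!=":
        return {"bool": {"must_not": [positive]}}
    return positive


def stix_pattern_to_opensearch(pattern):
    """Return an OpenSearch query body for a supported STIX pattern."""
    pattern = pattern.strip()
    observations = OBSERVATION.findall(pattern)
    # Replace each [...] with X and check only AND/OR remain between them, so
    # FOLLOWEDBY, REPEATS, WITHIN, START/STOP are rejected up front.
    skeleton = OBSERVATION.sub("X", pattern)
    if not observations or not re.fullmatch(r"X(\s+(AND|OR)\s+X)*", skeleton):
        raise ValueError(f"unsupported observation operator or qualifier: {skeleton!r}")
    pending = iter(observations)

    def observation_leaf(_token):
        return _expression_to_dsl(next(pending), _comparison_to_dsl)

    return {"query": _expression_to_dsl(skeleton, observation_leaf)}


if __name__ == "__main__":
    # Constructed sample pattern, not taken from any real feed.
    sample = ("[ipv4-addr:value = '203.0.113.7'] OR "
              "[domain-name:value IN ('bad.example', 'worse.example')]")
    print(json.dumps(stix_pattern_to_opensearch(sample), indent=2))
```

The translator deliberately fails closed: a pattern it cannot represent raises instead of silently dropping a clause, which is the failure mode to avoid when the output drives detection.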