Passer la navigation

Exemple de règle de détection

Consultez les rubriques suivantes pour comprendre le format et les options des règles CAE :
{ "States": [ { "Name": "TestFile", "Scope": "Global", "Function": "(a)", "FieldOperators": { "a": { "Type": "Contains", "Operands": [ { "Source": "TargetFile", "Data": "Path" }, { "Source": "Literal", "Data": "my_test_file" } ], "OperandType": "String" } }, "ActivationTimeLimit": "-0:00:00.001", "Actions": [ { "Type": "AOI", "ItemName": "InstigatingProcess", "Position": "PostActivation" }, { "Type": "AOI", "ItemName": "TargetProcess", "Position": "PostActivation" }, { "Type": "AOI", "ItemName": "TargetFile", "Position": "PostActivation" } ], "HarvestContributingEvent": true, "Filters": [ { "Type": "Event", "Data": { "Category": "File", "SubCategory": "", "Type": "Create" } } ] } ], "Paths": [ { "StateNames": [ "NewSuspiciousFile", "CertUtilDecode" ] } ], "Tags": [ "CylanceOPTICS" ] }
Pour consulter un autre exemple de règle de détection personnalisée, reportez-vous à l'article KB66651.