| 1234567891011121314151617181920212223 |
- <!--
- SOC Proposal Rules — Appendix B2: Log Monitoring
- Simulation profile rule IDs : 100411
- Production profile rule IDs : 110411
- -->
- <group name="soc_mvp,appendix_b,b2,logmonitor,">
- <!-- ── Simulation profile ── -->
- <!-- ── Production profile (anchored to 100260 = soc-prod-integrator) ── -->
- <rule id="110411" level="5">
- <if_sid>100260</if_sid>
- <match>event_type=log_loss_detection</match>
- <description>B2-01 [PROD] Log Monitor: log ingestion loss detected on monitored stream</description>
- <group>soc_prod,b2,log_loss,</group>
- <mitre><id>T1562.006</id></mitre>
- </rule>
- </group>
|
