| 12345678910111213141516171819202122 |
- <!--
- SOC custom local rules (production-focused baseline)
- Rule IDs in this file:
- 100250: DNS/IOC decoder anchor (soc-prod-dns)
- 100260: soc-integrator correlation decoder anchor (soc-prod-integrator)
- -->
- <group name="soc_prod_base,">
- <rule id="100250" level="3">
- <decoded_as>soc-prod-dns</decoded_as>
- <description>SOC PROD: DNS/IOC anchor event</description>
- <group>soc_prod_base,dns_ioc,</group>
- </rule>
- <rule id="100260" level="3">
- <decoded_as>soc-prod-integrator</decoded_as>
- <description>SOC PROD: soc-integrator correlation anchor event</description>
- <group>soc_prod_base,correlation,</group>
- </rule>
- </group>
|
