-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathpsono-rules.xml
78 lines (78 loc) · 3.02 KB
/
psono-rules.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
<group name="psono">
<rule id="100800" level="3">
<decoded_as>psono</decoded_as>
<description>Psono Base Rule: $(psono_name) $(event)</description>
</rule>
<rule id="100801" level="0">
<if_sid>100800</if_sid>
<field name="api_path">restapi.views.health_check</field>
<description>Psono Health Check</description>
</rule>
<rule id="100802" level="0">
<if_sid>100801</if_sid>
<field name="success">True</field>
<description>Psono: $(psono_name) Health Check Success</description>
</rule>
<rule id="100803" level="3">
<if_sid>100801</if_sid>
<field name="success">False</field>
<description>Psono: $(psono_name) Health Check Failed</description>
</rule>
<rule id="100804" level="0">
<if_sid>100800</if_sid>
<field name="api_path">fileserver.views.alive</field>
<description>Fileserver Alive Check</description>
</rule>
<rule id="100805" level="0">
<if_sid>100804</if_sid>
<field name="success">True</field>
<description>Psono: $(psono_name) Fileserver Health Check Success</description>
</rule>
<rule id="100806" level="3">
<if_sid>100804</if_sid>
<field name="success">False</field>
<description>Psono: $(psono_name) Fileserver Health Check Failed</description>
</rule>
<rule id="100807" level="0">
<field name="api_path">restapi.views.status</field>
<description>Psono Read Status</description>
</rule>
<rule id="100808" level="0">
<if_sid>100807</if_sid>
<field name="success">True</field>
<description>Psono: $(psono_name) Read Status Success</description>
</rule>
<rule id="100809" level="3">
<if_sid>100807</if_sid>
<field name="success">False</field>
<description>Psono: $(psono_name) Read Status Failed</description>
</rule>
<rule id="100810" level="0">
<field name="api_path">fileserver.views.cleanup_chunks</field>
<description>Psono Fileserver Chunk Cleanup</description>
</rule>
<rule id="100811" level="0">
<if_sid>100810</if_sid>
<field name="success">True</field>
<description>Psono: $(psono_name) Fileserver Chunk Cleanup Success</description>
</rule>
<rule id="100812" level="3">
<if_sid>100810</if_sid>
<field name="success">False</field>
<description>Psono: $(psono_name) Fileserver Chunk Cleanup Failed</description>
</rule>
<rule id="100813" level="0">
<field name="api_path">restapi.views.secret</field>
<description>Psono Secret Viewed</description>
</rule>
<rule id="100814" level="3">
<if_sid>100813</if_sid>
<field name="success">True</field>
<description>Psono: $(dstuser) Read Secret Success</description>
</rule>
<rule id="100815" level="3">
<if_sid>100813</if_sid>
<field name="success">False</field>
<description>Psono: $(dstuser) Read Secret Failed</description>
</rule>
</group>