
Constants

psengine.collective_insights.constants

DETECTION_SUB_FORMAT_MAPPING module-attribute

# Maps each flat key to a two-element [group, field] list; every key is the
# group name and the field name joined by an underscore
# (e.g. 'ioc_source_type' -> ['ioc', 'source_type']).
# NOTE(review): presumably the list is a path into a nested detection record;
# confirm against the code that consumes this mapping.
DETECTION_SUB_FORMAT_MAPPING = {
    f'{group}_{field}': [group, field]
    for group, fields in (
        ('ioc', ('type', 'value', 'field', 'source_type')),
        ('incident', ('id', 'name', 'type')),
        ('detection', ('id', 'name', 'type')),
    )
    for field in fields
}

DETECTION_SUB_TYPE_SIGMA module-attribute

# Sub-type label for Sigma rules; the same string appears in
# VALID_DETECTION_RULE_SUB_TYPES.
DETECTION_SUB_TYPE_SIGMA = 'sigma'

DETECTION_SUB_TYPE_SNORT module-attribute

# Sub-type label for Snort rules; the same string appears in
# VALID_DETECTION_RULE_SUB_TYPES.
DETECTION_SUB_TYPE_SNORT = 'snort'

DETECTION_SUB_TYPE_YARA module-attribute

# Sub-type label for YARA rules; the same string appears in
# VALID_DETECTION_RULE_SUB_TYPES.
DETECTION_SUB_TYPE_YARA = 'yara'

DETECTION_TYPE_CORRELATION module-attribute

# Detection type label 'correlation'.
# NOTE(review): presumably a member of VALID_DETECTION_TYPES, whose value is
# not shown here; confirm.
DETECTION_TYPE_CORRELATION = 'correlation'

DETECTION_TYPE_PLAYBOOK module-attribute

# Detection type label 'playbook'.
# NOTE(review): presumably a member of VALID_DETECTION_TYPES, whose value is
# not shown here; confirm.
DETECTION_TYPE_PLAYBOOK = 'playbook'

DETECTION_TYPE_RULE module-attribute

# Detection type label for rule-based detections. The value is
# 'detection_rule', not 'rule', so compare against this constant rather than
# a hand-typed string.
# NOTE(review): VALID_DETECTION_RULE_SUB_TYPES presumably lists the sub-types
# allowed for this detection type; confirm against the validator.
DETECTION_TYPE_RULE = 'detection_rule'

ENTITY_DOMAIN module-attribute

# Entity type label for domain indicators.
# NOTE(review): presumably a member of VALID_ENTITY_TYPES, whose value is not
# shown here; confirm.
ENTITY_DOMAIN = 'domain'

ENTITY_HASH module-attribute

# Entity type label for file-hash indicators. The label names no hash
# algorithm.
# NOTE(review): how MD5 / SHA-1 / SHA-256 values are told apart is not visible
# here; confirm before relying on this type for de-duplication or matching.
ENTITY_HASH = 'hash'

ENTITY_IP module-attribute

# Entity type label for IP-address indicators.
# NOTE(review): whether both IPv4 and IPv6 are accepted under this label is
# not visible here; confirm.
ENTITY_IP = 'ip'

ENTITY_URL module-attribute

# Entity type label for URL indicators.
# NOTE(review): presumably a member of VALID_ENTITY_TYPES, whose value is not
# shown here; confirm.
ENTITY_URL = 'url'

ENTITY_VULNERABILITY module-attribute

# Entity type label for vulnerability indicators.
# NOTE(review): the expected identifier format (e.g. CVE IDs) is not visible
# here; confirm.
ENTITY_VULNERABILITY = 'vulnerability'

SUMMARY_DEFAULT module-attribute

# Default value (enabled) for a "summary" option.
# NOTE(review): what the flag controls is not visible in this module; confirm
# against the code that reads it.
SUMMARY_DEFAULT = True

TIMESTAMP_FORMAT module-attribute

# strftime/strptime pattern with one-second resolution; it renders as, for
# example, 2024-01-31T12:00:00Z (constructed sample).
# The trailing 'Z' is a literal character, not the %z directive. Formatting a
# local-time or non-UTC datetime with this pattern still prints 'Z' without
# converting it, which mislabels the detection time, and strptime with this
# pattern returns a naive datetime. Convert to UTC before formatting and
# attach UTC explicitly after parsing.
TIMESTAMP_FORMAT = '%Y-%m-%dT%H:%M:%SZ'

VALID_DETECTION_RULE_SUB_TYPES module-attribute

# Accepted detection-rule sub-types. The strings repeat the values of
# DETECTION_SUB_TYPE_SIGMA / DETECTION_SUB_TYPE_YARA / DETECTION_SUB_TYPE_SNORT
# as literals, so a change to one of those constants must be mirrored here.
# This is a plain (mutable) list: an in-place append or remove by any importer
# changes it for every user of the module, so treat it as read-only.
# NOTE(review): presumably used to validate the sub-type of a
# 'detection_rule' detection; confirm against the validator.
VALID_DETECTION_RULE_SUB_TYPES = ['sigma', 'yara', 'snort']

VALID_DETECTION_TYPES module-attribute

VALID_ENTITY_TYPES module-attribute