5.1 ‐ Detection Naming Convention
Bhavin Patel edited this page Oct 9, 2024 · 1 revision
Every time a Splunk Security Content analytic is created it should follow the naming convention below. This convention gives us consistent naming and organization across our different security content components.
<platform>_<technique_name>_<short_description>

- <platform> = Cloud, Endpoint, Network, Application, Splunk, etc.
- <technique_name> = Full name of the technique: OS Credential Dumping, Valid Accounts, Process Injection
- <short_description> = A short description of the detection, ideally 1 to 2 words. For example, names should be: Executables Or Script Creation In Suspicious Path
- Limited to 64 characters
- Avoid verbs/words like: abnormal, suspicious, malicious, and detect
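As an added example (not code from the Splunk security_content project), a small Python checker that applies the rules above to a detection name written in its lowercase snake_case file form; the platform set and the technique catalogue it holds are assumptions for illustration, since the page lists only a few of each.

```python
import re

# Assumed for this example: the page lists these platforms with "etc",
# so treat the set as extensible rather than exhaustive.
PLATFORMS = {"cloud", "endpoint", "network", "application", "splunk"}
# Assumed: a small catalogue of technique names in snake_case; a real
# checker would load the full technique list instead.
TECHNIQUES = {"os_credential_dumping", "valid_accounts", "process_injection"}
BANNED_WORDS = {"abnormal", "suspicious", "malicious", "detect"}
MAX_LENGTH = 64
SNAKE_RE = re.compile(r"^[a-z0-9]+(?:_[a-z0-9]+)*$")


def validate_detection_name(name):
    """Check a snake_case name against <platform>_<technique_name>_<short_description>.

    Returns (errors, warnings): errors break the convention, warnings cover
    the soft "ideally 1 to 2 words" guidance for the description.
    """
    errors, warnings = [], []
    if len(name) > MAX_LENGTH:
        errors.append(f"length {len(name)} exceeds {MAX_LENGTH}")
    if not SNAKE_RE.match(name):
        errors.append("name must be lowercase snake_case")
        return errors, warnings
    tokens = name.split("_")
    if tokens[0] not in PLATFORMS:
        errors.append(f"unknown platform {tokens[0]!r}")
    rest = tokens[1:]
    # Technique names span several tokens, so match the longest known one
    # at the start of whatever follows the platform.
    technique = next(
        (t for t in sorted(TECHNIQUES, key=len, reverse=True)
         if rest[: t.count("_") + 1] == t.split("_")),
        None,
    )
    if technique is None:
        errors.append("no recognised technique name after the platform")
        description = rest
    else:
        description = rest[technique.count("_") + 1:]
    if not description:
        errors.append("missing short description")
    elif len(description) > 2:
        warnings.append(f"description has {len(description)} words, ideally 1-2")
    banned = sorted(BANNED_WORDS.intersection(tokens))
    if banned:
        errors.append(f"avoid words: {', '.join(banned)}")
    return errors, warnings
```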