METRON-1391 Typos in Documentation/Examples within metron-management/README.md (havran via ottobackwards) closes apache/metron#890
Project: http://git-wip-us.apache.org/repos/asf/metron/repo Commit: http://git-wip-us.apache.org/repos/asf/metron/commit/08745719 Tree: http://git-wip-us.apache.org/repos/asf/metron/tree/08745719 Diff: http://git-wip-us.apache.org/repos/asf/metron/diff/08745719 Branch: refs/heads/feature/METRON-1344-test-infrastructure Commit: 08745719120fd8d42e36c728a405966ad64f20b7 Parents: 1c9437c Author: havran <havran.in...@gmail.com> Authored: Tue Jan 30 10:40:04 2018 -0500 Committer: otto <o...@apache.org> Committed: Tue Jan 30 10:40:04 2018 -0500 ---------------------------------------------------------------------- metron-platform/metron-management/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/metron/blob/08745719/metron-platform/metron-management/README.md ---------------------------------------------------------------------- diff --git a/metron-platform/metron-management/README.md b/metron-platform/metron-management/README.md index c4b9555..812583c 100644 --- a/metron-platform/metron-management/README.md +++ b/metron-platform/metron-management/README.md @@ -898,7 +898,7 @@ Returns: A Map associated with the indicator and enrichment type. Empty otherwi [Stellar]>>> non_us := whois_info.home_country != 'US' [Stellar]>>> is_local := IN_SUBNET( if IS_IP(ip_src_addr) then ip_src_addr else NULL, '192.168.0.0/21') [Stellar]>>> is_both := whois_info.home_country != 'US' && IN_SUBNET( if IS_IP(ip_src_addr) then ip_src_addr else NULL, '192.168.0.0/21') -[Stellar]>>> rules := [ { 'name' : 'is non-us', 'rule' : SHELL_GET_EXPRESSION('non_us'), 'score' : 10 } , { 'name' : 'is local', 'rule' : SHELL_GET_EXPRESSION('is_local '), 'score' : 20 } , { 'name' : 'both non-us and local', 'comment' : 'union of both rules.', 'rule' : SHELL_GET_EXPRESSION('is_both'), 'score' : 50 } ] +[Stellar]>>> rules := [ { 'name' : 'is non-us', 'rule' : SHELL_GET_EXPRESSION('non_us'), 'score' : 10 } , { 'name' : 'is local', 'rule' : SHELL_GET_EXPRESSION('is_local'), 'score' : 20 } , { 'name' : 'both non-us and local', 'comment' : 'union of both rules.', 'rule' : SHELL_GET_EXPRESSION('is_both'), 'score' : 50 } ] [Stellar]>>> # Now that we have our rules staged, we can add them to our config. [Stellar]>>> squid_enrichment_config_new := THREAT_TRIAGE_ADD( squid_enrichment_config_new, rules ) [Stellar]>>> THREAT_TRIAGE_PRINT(squid_enrichment_config_new) @@ -1020,7 +1020,7 @@ SION('is_both') ] ) 1. Add a few triage rules. ``` - [Stellar]>>> THREAT_TRIAGE_ADD(t, {"name":"rule1", "rule":"value>10", + [Stellar]>>> THREAT_TRIAGE_ADD(t, {"name":"rule1", "rule":"value>10", "score":10}) ``` ``` [Stellar]>>> THREAT_TRIAGE_ADD(t, {"name":"rule2", "rule":"value>20", "score":20})
