| 1 | <!doctype html> |
| 2 | <html> |
| 3 | <head> |
| 4 | <meta charset="utf-8"> |
| 5 | <meta name="viewport" content="width=device-width, initial-scale=1.0"> |
| 6 | </head> |
| 7 | <body style="margin:0;padding:0;background:#f1f3f5;font-family:-apple-system,Segoe UI,Roboto,Helvetica,Arial,sans-serif;color:#1f2933;"> |
| 8 | <table role="presentation" width="100%" cellpadding="0" cellspacing="0" style="background:#f1f3f5;padding:24px 0;"> |
| 9 | <tr><td align="center"> |
| 10 | <table role="presentation" width="640" cellpadding="0" cellspacing="0" style="background:#ffffff;border:1px solid #d9dee3;border-radius:8px;overflow:hidden;"> |
| 11 | <tr> |
| 12 | <td style="background:#16242f;padding:20px 28px;"> |
| 13 | <div style="color:#9fb3c8;font-size:12px;letter-spacing:1px;text-transform:uppercase;">CTI Detection Automation</div> |
| 14 | <div style="color:#ffffff;font-size:20px;font-weight:600;margin-top:4px;">Rule bundle pending approval</div> |
| 15 | </td> |
| 16 | </tr> |
| 17 | <tr> |
| 18 | <td style="padding:24px 28px 8px 28px;"> |
| 19 | <p style="margin:0 0 4px 0;font-size:14px;">A new detection bundle was generated from the live CTI feeds and is waiting for analyst review before it goes live.</p> |
| 20 | <table role="presentation" width="100%" style="margin-top:16px;font-size:13px;"> |
| 21 | <tr> |
| 22 | <td style="color:#627d98;padding:2px 0;">Bundle</td> |
| 23 | <td style="font-family:ui-monospace,SFMono-Regular,Menlo,monospace;">{{ bundle_id }}</td> |
| 24 | </tr> |
| 25 | <tr> |
| 26 | <td style="color:#627d98;padding:2px 0;">Generated</td> |
| 27 | <td>{{ generated_at }}</td> |
| 28 | </tr> |
| 29 | </table> |
| 30 | </td> |
| 31 | </tr> |
| 32 | <tr> |
| 33 | <td style="padding:8px 28px;"> |
| 34 | <table role="presentation" width="100%" cellpadding="0" cellspacing="0" style="margin:12px 0;"> |
| 35 | <tr> |
| 36 | <td id="stat-new" width="33%" style="background:#e3f9e5;border:1px solid #c1eac5;border-radius:6px;padding:12px;text-align:center;"> |
| 37 | <div style="font-size:26px;font-weight:700;color:#0b6b2e;">{{ diff.added }}</div> |
| 38 | <div style="font-size:11px;color:#3c6454;text-transform:uppercase;letter-spacing:0.5px;">new indicators</div> |
| 39 | </td> |
| 40 | <td width="8"></td> |
| 41 | <td width="33%" style="background:#fff4e6;border:1px solid #ffd8a8;border-radius:6px;padding:12px;text-align:center;"> |
| 42 | <div style="font-size:26px;font-weight:700;color:#a14d07;">{{ diff.removed }}</div> |
| 43 | <div style="font-size:11px;color:#8a5a1b;text-transform:uppercase;letter-spacing:0.5px;">aged out</div> |
| 44 | </td> |
| 45 | <td width="8"></td> |
| 46 | <td width="33%" style="background:#edf2f7;border:1px solid #d9dee3;border-radius:6px;padding:12px;text-align:center;"> |
| 47 | <div style="font-size:26px;font-weight:700;color:#334e68;">{{ diff.total }}</div> |
| 48 | <div style="font-size:11px;color:#52606d;text-transform:uppercase;letter-spacing:0.5px;">total in bundle</div> |
| 49 | </td> |
| 50 | </tr> |
| 51 | </table> |
| 52 | </td> |
| 53 | </tr> |
| 54 | <tr> |
| 55 | <td style="padding:8px 28px;"> |
| 56 | <div style="font-size:13px;font-weight:600;color:#334e68;margin-bottom:6px;">Indicators by type</div> |
| 57 | <table role="presentation" width="100%" style="border-collapse:collapse;font-size:13px;"> |
| 58 | {% for kind, count in counts.items() %} |
| 59 | <tr> |
| 60 | <td style="padding:6px 0;border-bottom:1px solid #eef1f4;font-family:ui-monospace,Menlo,monospace;">{{ kind }}</td> |
| 61 | <td style="padding:6px 0;border-bottom:1px solid #eef1f4;text-align:right;">{{ count }}</td> |
| 62 | </tr> |
| 63 | {% endfor %} |
| 64 | </table> |
| 65 | </td> |
| 66 | </tr> |
| 67 | <tr> |
| 68 | <td style="padding:16px 28px;"> |
| 69 | <div style="font-size:13px;font-weight:600;color:#334e68;margin-bottom:6px;">ATT&CK techniques extracted</div> |
| 70 | <table id="ttp-table" role="presentation" width="100%" style="border-collapse:collapse;font-size:12px;"> |
| 71 | <tr style="color:#627d98;text-align:left;"> |
| 72 | <th style="padding:4px 0;font-weight:600;">Technique</th> |
| 73 | <th style="padding:4px 0;font-weight:600;">Tactic</th> |
| 74 | <th style="padding:4px 0;font-weight:600;text-align:right;">Hits</th> |
| 75 | </tr> |
| 76 | {% for t in techniques %} |
| 77 | <tr> |
| 78 | <td style="padding:4px 0;border-top:1px solid #eef1f4;font-family:ui-monospace,Menlo,monospace;">{{ t.technique_id }}</td> |
| 79 | <td style="padding:4px 0;border-top:1px solid #eef1f4;">{{ t.tactic }}</td> |
| 80 | <td style="padding:4px 0;border-top:1px solid #eef1f4;text-align:right;">{{ t.indicator_count }}</td> |
| 81 | </tr> |
| 82 | {% endfor %} |
| 83 | </table> |
| 84 | </td> |
| 85 | </tr> |
| 86 | <tr> |
| 87 | <td align="center" style="padding:8px 28px 28px 28px;"> |
| 88 | <a id="cta" href="{{ review_url }}" style="display:inline-block;background:#1c7ed6;color:#ffffff;text-decoration:none;font-size:15px;font-weight:600;padding:13px 32px;border-radius:6px;">Review and approve</a> |
| 89 | <div style="font-size:11px;color:#9aa5b1;margin-top:12px;">Rules stay in the candidate directory until approved. Nothing is deployed to Wazuh automatically.</div> |
| 90 | </td> |
| 91 | </tr> |
| 92 | </table> |
| 93 | </td></tr> |
| 94 | </table> |
| 95 | </body> |
| 96 | </html> |