Zion Boggan
repos/soc-automation-lab/config/wazuh/decoders/local_decoder.xml
zionboggan.com ↗
Code Commits Tags
9 lines · xml
History for this file →
1
<decoder name="thehive-responder">
2
  <prematch>^thehive:</prematch>
3
</decoder>
4
5
<decoder name="thehive-responder-fields">
6
  <parent>thehive-responder</parent>
7
  <regex>caseId=(\S+) action=(\S+) analyst=(\S+)</regex>
8
  <order>case_id, response_action, analyst</order>
9
</decoder>