# Slack app manifest: how the app is presented in the Slack client.
display_information:
  name: fylgja
  description: threat detection engine bot
  # Quoted so the leading '#' is read as a hex colour, not as a YAML comment.
  background_color: '#344d59'
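# Bot user and slash commands exposed by the app.
features:
  bot_user:
    display_name: fylgja
    always_online: false
  # Every command is delivered to the same endpoint. SERVER_DOMAIN_NAME is a
  # placeholder for the deployment's public host name.
  #
  # The request URLs use https:// rather than http://. Slash-command payloads
  # carry the command text (rule IDs, search keywords, pasted event logs), the
  # caller's user and channel IDs, and a response URL. Over plain HTTP all of
  # that is readable and modifiable in transit.
  #
  # NOTE(review): the handler behind /slack/events is not shown here. It should
  # verify Slack's request signature (signing secret) before acting on any
  # command.
  #
  # should_escape is false for every command, so Slack passes the text through
  # without rewriting mentions and links into its escaped form. The handler
  # should treat that text as untrusted input, in particular the rule content
  # and event logs given to /rule and /sigma-test.
  slash_commands:
    - command: /rule
      url: https://SERVER_DOMAIN_NAME/slack/events
      description: Convert, explain, search, view, or test Sigma rules
      should_escape: false
    - command: /sigma-create
      url: https://SERVER_DOMAIN_NAME/slack/events
      description: Convert a Sigma rule to configured output format
      usage_hint: "[id]"
      should_escape: false
    - command: /sigma-details
      url: https://SERVER_DOMAIN_NAME/slack/events
      description: Get an explanation of a Sigma rule
      usage_hint: "[id]"
      should_escape: false
    - command: /sigma-search
      url: https://SERVER_DOMAIN_NAME/slack/events
      description: Search for Sigma rules
      usage_hint: "[keyword]"
      should_escape: false
    - command: /sigma-view
      url: https://SERVER_DOMAIN_NAME/slack/events
      description: View rule definition
      usage_hint: "[id] [space]"
      should_escape: false
    - command: /sigma-test
      url: https://SERVER_DOMAIN_NAME/slack/events
      description: Test a Sigma rule with event log
      usage_hint: "[event log]"
      should_escape: false
    # This command changes the conversion configuration.
    # NOTE(review): nothing in the manifest limits who may run it. Any caller
    # restriction has to be enforced by the handler.
    - command: /sigma-config
      url: https://SERVER_DOMAIN_NAME/slack/events
      description: Update Sigma rule conversion configuration
      usage_hint: "siem [value] OR lang [value] OR output [value] OR update"
      should_escape: false
    - command: /sigma-stats
      url: https://SERVER_DOMAIN_NAME/slack/events
      description: Show stats about Sigma rules
      should_escape: false
    - command: /alerts
      url: https://SERVER_DOMAIN_NAME/slack/events
      description: List alerts with IDs
      usage_hint: "[space]"
      should_escape: false
    # This command creates a case in Elasticsearch from Slack. It has the same
    # caller-authorization caveat as /sigma-config.
    - command: /case
      url: https://SERVER_DOMAIN_NAME/slack/events
      description: Create an Elasticsearch case
      usage_hint: "[id]"
      should_escape: false
    - command: /stats
      url: https://SERVER_DOMAIN_NAME/slack/events
      description: Show statistics
      should_escape: false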
# OAuth scopes requested for the bot token.
oauth_config:
  scopes:
    bot:
      # Read messages that @-mention the app.
      - 'app_mentions:read'
      # Post messages as the bot.
      - 'chat:write'
      # Read message content in direct-message conversations with the bot.
      - 'im:history'
      # Basic information about those direct-message conversations.
      # NOTE(review): confirm the handler needs this alongside im:history, and
      # drop it if unused so the token stays least-privilege.
      - 'im:read'
      # Register and receive slash commands.
      - commands
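# Event delivery, interactivity and deployment switches.
settings:
  # socket_mode_enabled is false (below), so Slack delivers events and
  # interactive payloads by POSTing to these public request URLs.
  # They use https:// rather than http://, because the payloads contain
  # message text from mentions and direct messages and must not cross the
  # network in cleartext.
  # NOTE(review): the receiving endpoint is internet-reachable by design. It
  # should verify Slack's request signature and reject stale timestamps before
  # processing anything.
  event_subscriptions:
    request_url: https://SERVER_DOMAIN_NAME/slack/events
    bot_events:
      - app_mention
      - message.im
  interactivity:
    is_enabled: true
    request_url: https://SERVER_DOMAIN_NAME/slack/events
  org_deploy_enabled: false
  socket_mode_enabled: false
  # Rotation is off, so the bot token is long-lived until it is revoked.
  # NOTE(review): store the token in a secret store, not in the repository.
  # Consider enabling rotation once the server can handle refresh tokens.
  token_rotation_enabled: false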