dbb420f79e
Co-authored-by: AlteredCoder Co-authored-by: erenJag
14 lines
419 B
YAML
14 lines
419 B
YAML
type: trigger
|
|
debug: true
|
|
name: test/simple-trigger
|
|
data:
|
|
- source_url: https://invalid.com/test.list
|
|
dest_file: simple-trigger-external-data/simple_patterns.txt
|
|
type: string
|
|
description: "Simple trigger with external data"
|
|
filter: "evt.Line.Labels.type =='testlog' && evt.Parsed.tainted_data in File('simple-trigger-external-data/simple_patterns.txt')"
|
|
groupby: evt.Meta.source_ip
|
|
labels:
|
|
type: overflow_1
|
|
|