Update vimProcessEventTemplate.yaml

SecureHats · Sep 27, 2023 · be942f3 · be942f3
1 parent 0fb14db
commit be942f3
Showing 1 changed file with 29 additions and 24 deletions.
diff --git a/ASIM/dev/Parser YAML templates/vimProcessEventTemplate.yaml b/ASIM/dev/Parser YAML templates/vimProcessEventTemplate.yaml
@@ -55,35 +55,40 @@ ParserParams:
   - Name: eventtype
     Type: string
     Default: '*'
+  - Name: disabled
+    Type: bool
+    Default: false
 ParserQuery: |
   let parser = (
-    starttime:datetime=datetime(null)
-    , endtime:datetime=datetime(null)
-    , srcipaddr_has_any_prefix:dynamic=dynamic([])
-    , commandline_has_any:dynamic=dynamic([])
-    , commandline_has_all:dynamic=dynamic([])
-    , actingprocess_has_any:dynamic=dynamic([])
-    , targetprocess_has_any:dynamic=dynamic([])
-    , parentprocess_has_any:dynamic=dynamic([])
-    , targetusername_has:string='*'
-    , actorusername_has:string='*'
-    , dvcipaddr_has_any_prefix:dynamic=dynamic([])
-    , eventresult:string='*'
+    starttime:datetime                 = datetime(null)
+    , endtime:datetime                 = datetime(null)
+    , srcipaddr_has_any_prefix:dynamic = dynamic([])
+    , commandline_has_any:dynamic      = dynamic([])
+    , commandline_has_all:dynamic      = dynamic([])
+    , actingprocess_has_any:dynamic    = dynamic([])
+    , targetprocess_has_any:dynamic    = dynamic([])
+    , parentprocess_has_any:dynamic    = dynamic([])
+    , targetusername_has:string        = '*'
+    , actorusername_has:string         = '*'
+    , dvcipaddr_has_any_prefix:dynamic = dynamic([])
+    , eventresult:string               = '*'
+    , disabled:bool                    = false
   )
   {
     <parser query body>
   };
   parser (
-    starttime
-    , endtime
-    , scripaddr_has_any_prefix
-    , commandline_has_any
-    , commandline_has_all
-    , actingprocess_has_any
-    , targetprocess_has_any
-    , parentprocess_has_any
-    , targetusername_has
-    , actorusername_has
-    , dvcipaddr_has_any_prefix
-    , eventresult
+    starttime                   = starttime
+    , endtime                   = endtime
+    , scripaddr_has_any_prefix  = scripaddr_has_any_prefix
+    , commandline_has_any       = commandline_has_any
+    , commandline_has_all       = commandline_has_all
+    , actingprocess_has_any     = actingprocess_has_any
+    , targetprocess_has_any     = targetprocess_has_any
+    , parentprocess_has_any     = parentprocess_has_any
+    , targetusername_has        = targetusername_has
+    , actorusername_has         = actorusername_has
+    , dvcipaddr_has_any_prefix  = dvcipaddr_has_any_prefix
+    , eventresult               = eventresult
+    , disabled                  = disabled
   )