Custom filters are YAML files with key-value pairs that define patterns and conditions
to detect events. Each file can only contain one filter.
Consider the following guidelines for creating custom filters.
- Data must use 4-space indentation. Example:

  ```yaml
  detection:
      operation:
          eventname: 'string'
  ```

- Keys must use lowercase characters. Example:

  ```yaml
  title:
  id:
  description:
  ```

- [Trend Micro Recommends] File names should use underscores instead of spaces. Example: `file_name`

- The file extension should be `.yml`. Example: `possible_brute_force_attack.yml`
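The guidelines above can be checked mechanically before a filter is uploaded. The following linter is an added example, not Trend Micro's own tooling: it applies the four rules (4-space indentation, lowercase keys, underscores in file names, `.yml` extension) to a filter file without needing a YAML parser, and the two sample filters and their field values are constructed for illustration.

```python
import re
from typing import List

# Matches a YAML mapping line: optional indent, optional "- " list marker, then "key:".
KEY_LINE = re.compile(r"^(?P<indent>[ \t]*)(?:- )?(?P<key>[^\s#'\"-][^:]*):(?:\s|$)")


def check_filter_file(name: str, text: str) -> List[str]:
    """Return guideline violations for one custom filter file (empty list means it passes)."""
    problems = []
    # File-name rules: underscores instead of spaces, and a .yml extension.
    if " " in name:
        problems.append(f"file name {name!r} contains spaces; use underscores")
    if not name.endswith(".yml"):
        problems.append(f"file name {name!r} should end with .yml")
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank lines and comments carry no keys
        m = KEY_LINE.match(line)
        if not m:
            continue  # scalar continuation lines are not keys
        indent = m.group("indent")
        if "\t" in indent:
            problems.append(f"line {lineno}: tab indentation; use 4 spaces")
        elif len(indent) % 4:
            problems.append(f"line {lineno}: indent of {len(indent)} spaces is not a multiple of 4")
        key = m.group("key").strip()
        if key != key.lower():
            problems.append(f"line {lineno}: key {key!r} must be lowercase")
    return problems


# Constructed sample that follows every guideline (values are illustrative only).
GOOD = """\
title: Possible brute force attack
id: example-0001
description: Many failed logons from one source in a short window.
detection:
    operation:
        eventname: 'LOGON_FAILURE'
"""

# Constructed sample that breaks the key-case, indentation and file-name rules.
BAD = """\
Title: Possible brute force attack
id: example-0002
detection:
  operation:
\teventname: 'LOGON_FAILURE'
"""

if __name__ == "__main__":
    print(check_filter_file("possible_brute_force_attack.yml", GOOD))   # []
    for p in check_filter_file("possible brute force.yaml", BAD):
        print(p)
```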