soc-ops/global/overlay/etc/puppet/modules/soc/files/intelmq/modify.conf

[
    {
        "rulename": "ramnit",
        "if": {
            "malware.name": "ramnit-.*$"
        },
        "then": {
            "classification.identifier": "ramnit"
        }
    },
    {
        "rulename": "default",
        "if": {
            "malware.name": ".*",
            "classification.taxonomy": "malicious code",
            "classification.identifier": ""
        },
        "then": {
            "classification.identifier": "{msg[malware.name]}"
        }
    }
]
Fixing with last rules. 2024-11-21 12:43:54 +01:00			`[`
			`{`
			`"rulename": "ramnit",`
			`"if": {`
			`"malware.name": "ramnit-.*$"`
			`},`
			`"then": {`
			`"classification.identifier": "ramnit"`
			`}`
			`},`
			`{`
			`"rulename": "default",`
			`"if": {`
			`"malware.name": ".*",`
			`"classification.taxonomy": "malicious code",`
			`"classification.identifier": ""`
			`},`
			`"then": {`
			`"classification.identifier": "{msg[malware.name]}"`
			`}`
			`}`
			`]`