-
|
Hello Everyone, Apologies this might be a silly question, but I'm new to using this project. In rule.yml files, are the identifiers and references sections auto-generated or manually filled? When I'm writing custom rules, omitting these sections doesn't affect compilation or execution, but it feels less professional. I'd like to include them, but I'm unsure what criteria to use for adding them. Could you provide some guidance? Thank you very much! |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
|
Thanks for your interest in the project For identifiers are added manually for select distributions mainly RHEL and SLE. They are only needed if you adding a rule to these distributions. As for references these are added based on what security standard the rule is based on / covers. For example, |
Beta Was this translation helpful? Give feedback.
-
|
Thank you for taking the time to provide such a clear explanation. |
Beta Was this translation helpful? Give feedback.
Thanks for your interest in the project
For identifiers are added manually for select distributions mainly RHEL and SLE. They are only needed if you adding a rule to these distributions.
As for references these are added based on what security standard the rule is based on / covers. For example,
cis@rhel8comes from the CIS benchmark for RHEL 8. Those are usually manually added. But some polices like the STIG for RHEL 9 use automated assignment of the references.