overwrites-custom-misp.xml
<!-- Custom overwrites for MISP -->
<group name="overwrites-misp,">
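<!-- Re-classifies MISP IoC hits (children of rule 119003) for the listed Discord hostnames at level 4.
     The pattern is anchored and its dots are escaped so that only these exact hostnames are exempted.
     Unanchored, "discord.com" also matched any value that merely contains the string (or any
     character in place of the dot), which would hide hits on look-alike indicators.
     NOTE(review): assumes misp.value holds the bare indicator; if URL-type values must be exempted
     too, add a separate, equally specific rule.
     NOTE(review): level 4 lowers severity but does not drop the event the way level 0 would;
     confirm that matches the "Ignoring" wording in the description. -->
<rule id="116001" level="4">
  <if_sid>119003</if_sid>
  <field name="misp.value" type="pcre2">^(?:cdn\.discordapp\.com|discord\.com|discord\.gg)$</field>
  <description>Ignoring MISP IoC for $(misp.value)</description>
</rule>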
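<!-- Re-classifies MISP IoC hits (children of rule 119003) for google.com / www.google.com at level 4.
     The pattern is anchored and its dots are escaped: the previous unanchored form also matched
     any value containing "google" + any character + "com", so look-alike indicators and
     arbitrary subdomains were exempted as well.
     NOTE(review): assumes misp.value holds the bare indicator. -->
<rule id="116002" level="4">
  <if_sid>119003</if_sid>
  <!-- Disabled alternative kept from the original: scope the exemption to the querying process instead of the value. -->
  <!-- <field name="misp.source.description" type="pcre2">Sysmon - Event 22: DNS Query for google.com by C:\\\\Program Files\\\\Google\\\\Chrome\\\\Application\\\\chrome.exe</field> -->
  <field name="misp.value" type="pcre2">^(?:www\.)?google\.com$</field>
  <description>Ignoring MISP IoC for $(misp.value)</description>
</rule>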
<!-- Re-classifies at level 4 any MISP IoC hit (child of rule 119003) whose source description
     mentions the PRTG Probe executable under "C:\Program Files (x86)\PRTG Network Monitor".
     This rule keys on the reporting process only, not on the indicator: every IoC value
     attributed to that path is exempted, and the pattern has no end anchor.
     NOTE(review): review periodically; a value-specific condition would narrow the blind spot. -->
<rule id="116003" level="4">
  <if_sid>119003</if_sid>
  <field name="misp.source.description" type="pcre2">.+C:\\\\Program Files \(x86\)\\\\PRTG Network Monitor\\\\PRTG Probe\.exe</field>
  <description>Ignoring MISP IoC for $(misp.value)</description>
</rule>
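<!-- Re-classifies at level 4 MISP IoC hits (children of rule 119003) whose value is exactly "dc".
     The original field had no type, so it used the default regex match and "dc" was treated as a
     substring: any domain, URL or hex hash that contains the two letters "dc" was exempted.
     Anchoring limits the exemption to the literal value.
     NOTE(review): "dc" is presumably a local short hostname; confirm with the rule owner. -->
<rule id="116004" level="4">
  <if_sid>119003</if_sid>
  <field name="misp.value" type="pcre2">^dc$</field>
  <description>Ignoring MISP IoC for $(misp.value)</description>
</rule>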
<!-- Re-classifies at level 4 MISP IoC hits (children of rule 119003) of type sha256 for the
     digest below, which is the SHA-256 of zero-length input. Any empty file produces this hash,
     so a feed entry carrying it matches unrelated files.
     Both field conditions must hold for the rule to fire. -->
<rule id="116005" level="4">
  <if_sid>119003</if_sid>
  <field name="misp.type">sha256</field>
  <field name="misp.value">e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855</field>
  <description>Ignoring MISP IoC for $(misp.value)</description>
</rule>
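<!-- Re-classifies at level 4 MISP IoC hits (children of rule 119003) for loopback, the
     unspecified address and 192.168.1.x.
     Two fixes over the original:
     1. The field was "misp.type.value". Every other rule in this file reads the indicator from
        misp.value and treats misp.type as a plain string, so that name most likely never matched.
        NOTE(review): confirm the field name against the decoder output.
     2. The pattern was unanchored, so "0\.0\.0\.0" also matched inside routable values such as
        10.0.0.0 or 200.0.0.0. It is now anchored; \d{1,3} keeps the whole 192.168.1.x range
        that the unanchored "\d" effectively covered. -->
<rule id="116006" level="4">
  <if_sid>119003</if_sid>
  <field name="misp.value" type="pcre2">^(?:127\.0\.0\.1|0\.0\.0\.0|192\.168\.1\.\d{1,3})$</field>
  <description>Ignoring MISP IoC for $(misp.value)</description>
</rule>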
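<!-- Re-classifies MISP IoC hits (children of rule 119003) for php.net / www.php.net at level 4.
     The pattern is anchored and its dots are escaped: the previous unanchored form also matched
     any value containing "php" + any character + "net", exempting look-alike indicators.
     NOTE(review): assumes misp.value holds the bare indicator. -->
<rule id="116007" level="4">
  <if_sid>119003</if_sid>
  <field name="misp.value" type="pcre2">^(?:www\.)?php\.net$</field>
  <description>Ignoring MISP IoC for $(misp.value)</description>
</rule>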
</group>