nccgroup / Scout2

Security auditing tool for AWS environments
http://nccgroup.github.io/Scout2/
GNU General Public License v2.0

Ability to select the rules for testing #158

Closed jjegg closed 7 years ago

jjegg commented 7 years ago

I am wondering if there is an easy way to customize the report engine for the rules that I want to test without screwing up the framework entirely when it comes to updating it in the future? This would help us focus on some areas or domains that we are accepting the risk for.

jjegg commented 7 years ago

Wondering also, is there a way to configure the finding to be yellow or red?

l01cd3v commented 7 years ago

So the current RulesGenerator needs to be improved to support the new services added recently (I need to tweak the header bar to be shared between both HTML docs) but you'll have limited ability to create your own rule set as follows:

./Scout2RulesGenerator.py --ruleset-name demo

This will open an HTML page in your browser, where you can browse by service and enable/disable/configure each rule.

The yellow / red configuration is the level drop down on the right hand side of each rule:

Once you've browsed through all your rules, click on the "Generate Ruleset" link in the top right corner, which will trigger a file download.

Then you can run Scout2 as you would have before, but specify the new rule set file:

./Scout2.py --ruleset ~/Downloads/demo.json

If you already downloaded the configuration and don't want to re-fetch everything:

./Scout2.py --ruleset ~/Downloads/demo.json --local
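
A custom rule set that disables rules or lowers levels is also the record of which risks were accepted, so it is worth comparing the downloaded file with a baseline before passing it to `--ruleset`. The script below is an added example, not part of this thread or of Scout2; the JSON layout, the level names `warning`/`danger` and the rule file names are assumptions constructed for illustration.

```python
import json

# Constructed sample data. The layout (a top-level "rules" object mapping a
# rule file name to a list of {"enabled", "level"} entries) and the level
# names "warning"/"danger" are assumptions; compare with your generated file.
BASELINE = json.loads("""
{"rules": {
  "example-open-security-group.json": [{"enabled": true, "level": "danger"}],
  "example-unused-access-key.json":   [{"enabled": true, "level": "warning"}],
  "example-bucket-no-logging.json":   [{"enabled": true, "level": "warning"}]
}}
""")
CUSTOM = json.loads("""
{"rules": {
  "example-open-security-group.json": [{"enabled": true, "level": "warning"}],
  "example-unused-access-key.json":   [{"enabled": false, "level": "warning"}],
  "example-bucket-no-logging.json":   [{"enabled": true, "level": "warning"}]
}}
""")

def _flatten(ruleset):
    """Map (rule file, entry index) -> (enabled, level)."""
    flat = {}
    for name, entries in ruleset.get("rules", {}).items():
        for i, entry in enumerate(entries):
            # Accept booleans stored either as JSON booleans or as strings.
            enabled = str(entry.get("enabled", False)).lower() == "true"
            flat[(name, i)] = (enabled, entry.get("level"))
    return flat

def diff_rulesets(baseline, custom):
    """List each baseline rule that custom drops, disables or re-levels."""
    base, cust = _flatten(baseline), _flatten(custom)
    changes = []
    for key in sorted(base):
        name, (b_enabled, b_level) = key[0], base[key]
        if key not in cust:
            changes.append((name, "missing from custom ruleset"))
            continue
        c_enabled, c_level = cust[key]
        if b_enabled and not c_enabled:
            changes.append((name, "disabled"))
        elif c_enabled and c_level != b_level:
            changes.append((name, f"level {b_level} -> {c_level}"))
    return changes

if __name__ == "__main__":
    for name, change in diff_rulesets(BASELINE, CUSTOM):
        print(f"{name}: {change}")
```

Keeping the output of such a comparison alongside the rule set file gives a reviewable list of what a given report was configured not to flag.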