THREAT-395 Correlation Rule Style Guide in repo

[akozlovets098]

Changes

• Added Correlation Rule Style Guide in repo

[arielkr256]

Should we create a /style_guides directory to put this and STYLE_GUIDE.md?

[cara-panther]

Should we create a /style_guides directory to put this and STYLE_GUIDE.md?

I would say: yes!

I also want to advocate for each guide linking to one another. because even if I know both guides exist, if I'm writing a CR, I might think oh, I only have to reference/abide by the CR guide. so it would be nice to have something near the top of the CR guide that says, like, "This guide provides specialized guidelines on writing CRs, which build upon the general detection writing best practices outlined in /regular-style-guide."

and then in the regular guide, I would love to see like "For specialized guidelines on writing correlation rules, see /cr_guide." or whatever

[akozlovets098]

@cara-panther Thank you for your comments! They made the guide look a lot better!

[github-actions[bot]]

:scream: looks like some things could be wrong with the packs

[github-actions[bot]]

:scream: looks like some things could be wrong with the packs