-
Notifications
You must be signed in to change notification settings - Fork 9
/
Copy pathmkdocs.yml
136 lines (130 loc) · 4.06 KB
/
mkdocs.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
site_name: Splunk RBA
site_description: >-
RBA is Splunk's method to aggregate low-fidelity security events as interesting observations tagged with security metadata to create high-fidelity, low-volume alerts.
edit_uri: edit/main/docs/
repo_url: https://github.com/splunk/rba
repo_name: splunk/rba
plugins:
- git-revision-date-localized:
type: date
fallback_to_build_date: true
enable_creation_date: true
- glightbox:
touchNavigation: true
loop: false
effect: zoom
slide_effect: slide
width: 100%
height: auto
zoomable: true
draggable: true
skip_classes:
- github-avatar
auto_caption: true
caption_position: bottom
- minify:
minify_html: true
- search
markdown_extensions:
- abbr
- admonition
- attr_list
- def_list
- footnotes
- md_in_html
- toc:
permalink: true
- pymdownx.betterem:
smart_enable: all
- pymdownx.caret
- pymdownx.critic
- pymdownx.details
- pymdownx.emoji:
emoji_index: !!python/name:material.extensions.emoji.twemoji
emoji_generator: !!python/name:material.extensions.emoji.to_svg
- pymdownx.highlight:
anchor_linenums: true
line_spans: __span
pygments_lang_class: true
- pymdownx.inlinehilite
- pymdownx.keys
- pymdownx.mark
- pymdownx.smartsymbols
- pymdownx.superfences
- pymdownx.snippets:
auto_append:
- includes/abbreviations.md
- pymdownx.tabbed:
alternate_style: true
- pymdownx.tasklist:
custom_checkbox: true
- pymdownx.tilde
theme:
name: material
icon:
repo: fontawesome/brands/github
logo: assets/rba_community_small.png
favicon: assets/rba_community_small.png
features:
# - header.autohide
- content.action.edit
- navigation.indexes
- navigation.instant
- navigation.tabs
- navigation.sections
- navigation.top
- toc.integrate
- toc.follow
- navigation.tracking
- content.code.annotate
- content.code.copy
palette:
- media: "(prefers-color-scheme: light)"
scheme: default
primary: indigo
accent: indigo
toggle:
icon: material/weather-sunny
name: Switch to dark mode
- media: "(prefers-color-scheme: dark)"
scheme: slate
primary: indigo
accent: indigo
toggle:
icon: material/weather-night
name: Switch to light mode
extra_css:
- stylesheets/extra.css
extra:
social:
- icon: fontawesome/brands/github
link: https://github.com/splunk/rba
nav:
- Home: index.md
- Searches:
- searches/index.md
- Chaining behaviors: searches/this_then_that_alerts.md
- Deduplicate Notables: searches/deduplicate_notables.md
- Dynamic Drilldowns: searches/dynamic_drilldowns.md
- Essential RBA searches: searches/risk_guide_searches.md
- Integrate A&I into RiRs: searches/asset_and_identity_rir_logic.md
- Limit score stacking: searches/limit_score_stacking.md
- Naming SYSTEM/Unknown/Computer Accounts: searches/naming_system_unknown_computer_accounts.md
- Risk Incident Rules: searches/risk_incident_rule_ideas.md
- Risk info field: searches/risk_info_event_detail.md
- Risk Notable History: searches/risk_notable_history.md
- Threat Object Prevalence: searches/threat_object_prevalence.md
- Threat Object Types: searches/threat_object_types.md
- UBA-lite with Basic Statistics: searches/uba-lite_with_statistics.md
- Dashboards:
- dashboards/index.md
- ATT&CK Matrix Risk: dashboards/attack_matrix_risk.md
- Attribution Analytics: dashboards/audit_attribution_analytics.md
- EDR Allowlist: dashboards/edr_allowlist_dashboard.md
- RBA Data Source Review: dashboards/rba_data_source_overview.md
- Risk Attributions: dashboards/risk_attributions.md
- Risk Investigation: dashboards/risk_investigation.md
- Risk Notable Analysis: dashboards/risk_notable_analysis_dashboard.md
- Contributing:
- Contributing Guidelines: contributing/contributing-guidelines.md
- Contributors: contributing/contributors.md