- Introduced AGENTS.md, README.md, TASKS.md, and implementation_plan.md for Vexer, detailing mission, responsibilities, key components, and operational notes. - Established similar documentation structure for Vulnerability Explorer and Zastava modules, including their respective workflows, integrations, and observability notes. - Created risk scoring profiles documentation outlining the core workflow, factor model, governance, and deliverables. - Ensured all modules adhere to the Aggregation-Only Contract and maintain determinism and provenance in outputs.
		
			
				
	
	
		
			64 lines
		
	
	
		
			1.4 KiB
		
	
	
	
		
			JSON
		
	
	
	
	
	
			
		
		
	
	
		
	
	
	
	
	
{
  "schemaVersion": "notify.rule@1",
  "ruleId": "rule-secops-critical",
  "tenantId": "tenant-01",
  "name": "Critical digests to SecOps",
  "description": "Escalate KEV-tagged findings to on-call feeds.",
  "enabled": true,
  "match": {
    "eventKinds": [
      "scanner.report.ready",
      "scheduler.rescan.delta"
    ],
    "namespaces": [
      "prod-*"
    ],
    "repositories": [],
    "digests": [],
    "labels": [],
    "componentPurls": [],
    "minSeverity": "high",
    "verdicts": [],
    "kevOnly": true,
    "vex": {
      "includeAcceptedJustifications": false,
      "includeRejectedJustifications": false,
      "includeUnknownJustifications": false,
      "justificationKinds": [
        "component-remediated",
        "not-affected"
      ]
    }
  },
  "actions": [
    {
      "actionId": "email-digest",
      "channel": "email:soc",
      "digest": "hourly",
      "template": "digest",
      "enabled": true,
      "metadata": {
        "locale": "en-us"
      }
    },
    {
      "actionId": "slack-oncall",
      "channel": "slack:sec-ops",
      "template": "concise",
      "throttle": "PT5M",
      "metadata": {},
      "enabled": true
    }
  ],
  "labels": {
    "team": "secops"
  },
  "metadata": {
    "source": "sprint-15"
  },
  "createdBy": "ops:zoya",
  "createdAt": "2025-10-19T04:12:27+00:00",
  "updatedBy": "ops:zoya",
  "updatedAt": "2025-10-19T04:45:03+00:00"
}