fix[baclend]: solve sintax problems in rules

Author: Kbayero

backend/src/main/java/com/park/utmstack/service/DefinitionSyncService.java

@@ -93,7 +93,9 @@ private Set<Long> syncFilters() {
                     Optional<UtmDataTypes> dataTypeEntity = dataTypesRepository.findOneByDataType(dataTypeStr.toLowerCase());
 
                     String moduleName = null;
-                    if (dataTypeEntity.isPresent() && dataTypeEntity.get().getModule() != null) {
+                    if ("generic".equalsIgnoreCase(dataTypeStr)) {
+                        moduleName = "GENERIC";
+                    } else if (dataTypeEntity.isPresent() && dataTypeEntity.get().getModule() != null) {
                         moduleName = dataTypeEntity.get().getModule().getModuleName().toString();
                     }
 

rules/crowdstrike/multiple_authentication_failures_(possible_brute_force_attack).yml

@@ -15,8 +15,8 @@ where: >
   equals("log.metadataEventType", "AuthActivityAuditEvent") && 
   equals("log.eventSuccess", false) && 
   exists("origin.ip")
-correlation:
-  - indexPattern: v11-log-crowdstrike
+afterEvents:
+  - indexPattern: v11-log-crowdstrike-*
     within: now-15m
     count: 5
     with:

rules/netflow/netflow_icmp_tunnel.yml

@@ -2,7 +2,7 @@
 
 dataTypes:
   - netflow
-name: ICMP Tunneling Detection
+name: ICMP Tunneling Detection via NetFlow
 impact:
   confidentiality: 3
   integrity: 2

rules/nids/suricata/icmp_tunneling_detection.yml

@@ -2,7 +2,7 @@
 
 dataTypes:
   - suricata
-name: ICMP Tunneling Detection
+name: ICMP Tunneling Detection via Suricata
 impact:
   confidentiality: 3
   integrity: 2