from 李林原

src/O365_detection_rules.json

@@ -1,4 +1,6 @@
-[
+{
+    "description": "此 JSON 文件包含与 O365 安全检测相关的规则，每条规则包括名称、严重性等级和查询语句。",
+    "rules": [
         {
             "name": "Suspicious User Agent",
             "severity": "High",
@@ -94,6 +96,5 @@
             "severity": "High",
             "query": "SELECT * FROM events WHERE ( Operation LIKE '%Disable Strong Authentication.%' ) "
         }
-
-
-]
+    ]
+}