Add logsource attribute rule test

2020-07-13 17:02:28 -04:00
parent 04fd598bcf
commit 9eb5d8da4d
1 changed files with 9 additions and 0 deletions
@@ -513,6 +513,15 @@ class TestRules(unittest.TestCase):
        self.assertEqual(faulty_rules, [], Fore.RED + 
                         "There are rules with non-conform 'title' fields. Please check: https://github.com/Neo23x0/sigma/wiki/Rule-Creation-Guide#title")

+    def test_invalid_logsource_attributes(self):
+        faulty_rules = []
+        for file in self.yield_next_rule_file_path(self.path_to_rules):
+            logsource = self.get_rule_part(file_path=file, part_name="logsource")
+            for key in logsource:
+                if key.lower() not in ['category', 'product', 'service', 'definition']:
+                    print(Fore.RED + "Rule {} has a logsource with an invalid field ({})".format(file, key))
+
+
 if __name__ == "__main__":
    init(autoreset=True)
    unittest.main()