 Florian Roth
|
d3ee1aba66
|
docs: MITRE ATT&CK(R) trademark references removed or adjusted
https://github.com/Neo23x0/sigma/issues/1028
|
2020-09-30 08:53:52 +02:00 |
|
|
Florian Roth
|
8970d03f6f
|
Merge pull request #952 from Neo23x0/devel
feat: Detect duplicate rule tags
|
2020-07-28 10:21:59 +02:00 |
|
|
Florian Roth
|
051e2ce905
|
feat: detect duplicate tags
|
2020-07-27 11:37:58 +02:00 |
|
|
Ryan Plas
|
de53a08746
|
Merge branch 'master' of github.com:Neo23x0/sigma
|
2020-07-15 10:27:33 -04:00 |
|
|
Florian Roth
|
71e66ea9ba
|
refactor: tests use live data from MITRE's TAXI service
|
2020-07-14 17:54:02 +02:00 |
|
|
Florian Roth
|
cf25b9c509
|
feat: filename test
|
2020-07-14 12:33:16 +02:00 |
|
|
Florian Roth
|
495376df77
|
refactor: references test without warnings for missing refs
|
2020-07-14 12:33:02 +02:00 |
|
|
Florian Roth
|
bae979f5c7
|
refactor: ignore sub techniques as long as we do not have a complete list
|
2020-07-14 11:56:28 +02:00 |
|
|
Ryan Plas
|
9eb5d8da4d
|
Add logsource attribute rule test
|
2020-07-13 17:02:28 -04:00 |
|
|
Florian Roth
|
b3e15eea68
|
fix: nested check
|
2020-07-13 18:49:00 +02:00 |
|
|
Florian Roth
|
91c0bea570
|
fix: typo and reordered
|
2020-07-13 18:22:47 +02:00 |
|
|
Florian Roth
|
758f5039b5
|
fix: no error on rules without references
|
2020-07-13 18:16:32 +02:00 |
|
|
Florian Roth
|
8d91659c2a
|
fix: typo in field value
|
2020-07-13 18:08:00 +02:00 |
|
|
Florian Roth
|
4c610ec693
|
feat: test references is list
|
2020-07-13 18:07:19 +02:00 |
|
|
Florian Roth
|
87ce5e5745
|
fix: missing MITRE ATT&CK IDs in test
|
2020-07-13 16:02:22 +02:00 |
|
|
Florian Roth
|
ab40cdbbd7
|
fix: missing ATT&CK id
|
2020-07-01 09:57:35 +02:00 |
|
|
Florian Roth
|
912ad94771
|
fix: missing ATT&CK id in tests
|
2020-06-19 10:00:44 +02:00 |
|
|
Ivan Kirillov
|
69760f6446
|
Added subtechniques to MITRE_TECHNIQUES
|
2020-06-17 11:51:48 -06:00 |
|
|
ecco
|
327a53c120
|
add new test for sysmon rules without eventid
|
2020-05-23 10:25:37 -04:00 |
|
|
ecco
|
2b89e56054
|
fix test
|
2020-05-23 10:03:13 -04:00 |
|
|
Florian Roth
|
0e1ff440db
|
fix: updated MITRE tags in test
|
2020-03-25 14:04:22 +01:00 |
|
|
Thomas Patzke
|
373424f145
|
Rule fixes
Made tests pass the new CI tests. Added further allowed lower case words
in rule test.
|
2020-02-20 23:00:16 +01:00 |
|
|
Thomas Patzke
|
d7bd90cb24
|
Merge branch 'master' into oscd
|
2020-02-03 23:13:16 +01:00 |
|
|
Thomas Patzke
|
815c562a17
|
Merge branch 'master' into oscd
|
2020-02-02 13:40:08 +01:00 |
|
|
Florian Roth
|
9876623710
|
doc: helpful link in error message
|
2020-02-01 15:43:11 +01:00 |
|
|
Florian Roth
|
1735614747
|
feat: rule title tests
|
2020-01-30 17:26:21 +01:00 |
|
|
Florian Roth
|
43af93a678
|
feat: detect missing date
|
2020-01-30 16:08:34 +01:00 |
|
|
Florian Roth
|
14e7b17eb9
|
feat: detect missing id
|
2020-01-30 16:08:24 +01:00 |
|
|
Florian Roth
|
93e1299010
|
style: PEP8 in test_rules.py
|
2020-01-30 16:08:10 +01:00 |
|
|
Florian Roth
|
f84b3abf2d
|
fix: missing commas in list
|
2020-01-30 08:56:13 +01:00 |
|
|
Florian Roth
|
aa5ce18abc
|
feat: support of new MITRE ATT&CK tags
|
2020-01-30 08:55:44 +01:00 |
|
|
Florian Roth
|
7bf472834b
|
feat: colorized error messages
|
2020-01-30 08:50:22 +01:00 |
|
|
Florian Roth
|
9d96b7c1a3
|
fix: print_error function not global
|
2020-01-30 08:39:58 +01:00 |
|
|
Florian Roth
|
fe6c30fa59
|
feat: colorized output in test
|
2020-01-30 08:37:47 +01:00 |
|
|
Florian Roth
|
5e59bbb3c3
|
Added MITRE ATT&CK Technique T1482
https://attack.mitre.org/techniques/T1482/
|
2019-12-28 16:02:26 +01:00 |
|
|
Thomas Patzke
|
397b3b8cc6
|
Updated rule test MITRE ATT&CK identifiers
|
2019-12-17 01:13:06 +01:00 |
|
|
Florian Roth
|
2cf6e16024
|
fix: missing new MITRE tactics category in tests
|
2019-11-14 23:31:38 +01:00 |
|
|
Thomas Patzke
|
238adf9eea
|
Improved rule test
* Added ATT&CK technique
* Removed invalid tags
|
2019-11-08 22:03:19 +01:00 |
|
|
Thomas Patzke
|
59a6a0c523
|
Added ATT&CK technique to rule test
|
2019-08-25 10:13:11 +02:00 |
|
|
Thomas Patzke
|
87abd20c0f
|
Removed deprecated PyYAML API from rule test
|
2019-04-22 23:21:08 +02:00 |
|
|
Florian Roth
|
d0950bd077
|
fix: yaml.load() issue
https://github.com/yaml/pyyaml/wiki/PyYAML-yaml.load(input)-Deprecation
|
2019-04-21 20:30:31 +02:00 |
|
|
Tareq AlKhatib
|
7f4557d183
|
Enabled check for process_creation
|
2019-03-09 21:00:11 +03:00 |
|
|
Tareq AlKhatib
|
c3b079990a
|
Properly end anchored the regex
|
2019-03-09 19:23:50 +03:00 |
|
|
Tareq AlKhatib
|
be2ca8dc4d
|
Added checks for Sysmon 1 or EID 4688 instead of process_creation
|
2019-03-02 20:51:49 +03:00 |
|
|
Tareq AlKhatib
|
ae62acf3d2
|
Added a test for duplicate filters and a test for Source: Eventlog
|
2019-02-18 21:05:58 +03:00 |
|
|
Tareq AlKhatib
|
97b28f4308
|
Added a test for unnecessary use of '1 of them' in condition
|
2019-02-13 21:27:27 +03:00 |
|
|
Tareq AlKhatib
|
cd2af196e3
|
Corrected path to rules
|
2019-01-25 12:25:51 +03:00 |
|
|
Tareq AlKhatib
|
96220e776f
|
Added a test to check for duplicate filters in rules
|
2019-01-25 12:22:28 +03:00 |
|
|
Thomas Patzke
|
3c7f46a6cd
|
Added rule test to CI testing
|
2019-01-23 23:31:36 +01:00 |
|
|
Tareq AlKhatib
|
e3d61047bb
|
Added two tests. One for MITRE and another for file extension.
|
2019-01-22 21:25:13 +03:00 |
|