Tobias Michalski
|
0b93aea4d0
|
chore: Offline Tests
|
2022-08-12 14:19:08 +02:00 |
|
phantinuss
|
32169dbc33
|
chore: harmonization of generic 'nt system' user checks
also a simple (non-comprehensive) test case to find
usages of localized user names
|
2022-05-27 15:16:31 +02:00 |
|
Paul Hager
|
9b80dd990a
|
added 'similar' related type
|
2022-05-24 09:51:48 +02:00 |
|
phantinuss
|
6f92a11c02
|
chore: test rules: check for all modifier with single item
|
2022-05-11 11:06:09 +02:00 |
|
phantinuss
|
112b715dd6
|
chore: test rules: reactivate single value list check
|
2022-05-10 17:13:04 +02:00 |
|
phantinuss
|
0b72aff084
|
chore: test rules: check title has no . in the end
|
2022-05-10 11:25:09 +02:00 |
|
phantinuss
|
b4fdb13e8a
|
chore: test rules: check for unused selections
|
2022-05-10 11:07:40 +02:00 |
|
phantinuss
|
654e9e9b9c
|
fix: typo
|
2022-05-09 16:13:53 +02:00 |
|
phantinuss
|
f6e893dde5
|
chore: test rules: check that title is given in the first line
|
2022-05-09 16:13:50 +02:00 |
|
phantinuss
|
3b556c728a
|
fix: DeprecationWarning: invalid escape sequence '\.'
|
2022-05-09 16:08:00 +02:00 |
|
phantinuss
|
ef3bc33288
|
fix: remove unneeded file read
|
2022-05-09 16:08:00 +02:00 |
|
phantinuss
|
b991a5be52
|
chore: test rules: warn on errors or invalid FP reasons
also adapted the existing rules to pass the tests
|
2022-05-09 16:07:55 +02:00 |
|
phantinuss
|
dbd68bf3f0
|
chore: test rules: capitalization on FP list entries
Entries to the false positive list should begin with
a capital letter, e.g. Unknown instead of unknown.
Fixed the existing rules accordingly
|
2022-05-09 16:07:44 +02:00 |
|
phantinuss
|
02fb704d9f
|
chore: remove trailing whitespace
|
2022-05-09 10:23:38 +02:00 |
|
Florian Roth
|
49502f3796
|
fix: wrong number of placeholders
|
2022-01-19 15:24:24 +01:00 |
|
Florian Roth
|
2a118e900a
|
refactor: added requirement, debug output for MITRE ATTCK eval
|
2022-01-19 15:21:50 +01:00 |
|
phantinuss
|
b6d4e39538
|
feat: check for the existence of a description field
it is not mandatory in the sigma standard but
mandatory for this repository
|
2022-01-12 12:55:49 +01:00 |
|
phantinuss
|
07a0a37273
|
feat: discourage the usage of 'all of them' and migrate existing rules to use the preferred method 'all of selection*'
|
2021-12-02 14:47:39 +01:00 |
|
frack113
|
c49b0d49fa
|
Add deprecated status
|
2021-10-28 20:08:27 +02:00 |
|
frack113
|
c0a3f7afdd
|
Remove my print debug
|
2021-10-26 12:25:26 +02:00 |
|
frack113
|
ba4bb061c7
|
Fix test_duplicate_detections for logsource
|
2021-10-26 12:22:18 +02:00 |
|
frack113
|
162d869e2b
|
Add cve tags
|
2021-10-25 18:14:03 +02:00 |
|
phantinuss
|
55f942b526
|
fix: change error message
|
2021-10-14 08:53:50 +02:00 |
|
phantinuss
|
9ddabe18ed
|
feat: testing for space in field names
|
2021-10-13 14:21:23 +02:00 |
|
frack113
|
759a715198
|
Add logsource to duplicate logic test
|
2021-10-04 20:34:45 +02:00 |
|
frack113
|
bcf40fa4e4
|
Fix logsource not a string
|
2021-09-27 18:59:05 +02:00 |
|
frack113
|
c59b0eb543
|
Merge pull request #2063 from frack113/last_global
Split Last Global Rules
|
2021-09-23 13:54:57 +02:00 |
|
frack113
|
595e4b9d6d
|
add duplicate name file check
|
2021-09-23 06:50:18 +02:00 |
|
frack113
|
5989127035
|
optimization of name detection
|
2021-09-22 19:02:44 +02:00 |
|
frack113
|
edb19013d5
|
fix test_file_names
|
2021-09-22 16:11:29 +02:00 |
|
frack113
|
e16e9e8ea7
|
fix timeframe compare error
|
2021-09-21 22:54:45 +02:00 |
|
frack113
|
29490f350d
|
fix NoneType object has no attribute get
|
2021-09-12 20:13:58 +02:00 |
|
frack113
|
e6d4cb15bd
|
fix NoneType error
|
2021-09-12 20:04:58 +02:00 |
|
frack113
|
97cd368064
|
update test_rules.py
|
2021-09-10 13:33:16 +02:00 |
|
phantinuss
|
abf40ecfbc
|
fix: typo in URL
|
2021-08-31 12:50:11 +02:00 |
|
frack113
|
3eb3377a7b
|
check valid date order
|
2021-08-26 06:51:37 +02:00 |
|
frack113
|
a4021842de
|
Fix invalid tags
|
2021-08-25 09:15:57 +02:00 |
|
frack113
|
5b869a3f42
|
Update cve tags
|
2021-08-24 10:50:01 +02:00 |
|
frack113
|
c2302a15da
|
fix cve tags
|
2021-08-24 10:10:45 +02:00 |
|
Austin Songer
|
e039f91272
|
Spelling
|
2021-08-18 19:00:57 +00:00 |
|
frack113
|
76d956e110
|
update test_missing_id
|
2021-08-16 18:12:17 +02:00 |
|
frack113
|
3900ba9e2c
|
add license test
|
2021-08-14 19:42:29 +02:00 |
|
frack113
|
db0de126a5
|
test author for Detection Rule License 1.1
|
2021-08-14 19:16:36 +02:00 |
|
frack113
|
e45557316e
|
Fix selection with only 1 element
|
2021-08-14 09:54:27 +02:00 |
|
frack113
|
5e5ac8479c
|
Add tlp and target Attribute
|
2021-08-11 14:26:20 +02:00 |
|
frack113
|
e098cdf3a1
|
fix url ref
|
2021-08-10 11:07:28 +02:00 |
|
frack113
|
ce17f8e9e2
|
add test_selection_list_one_value warning only
|
2021-08-10 10:21:22 +02:00 |
|
Florian Roth
|
9b7be5985e
|
Merge pull request #1773 from phantinuss/master
Two CobaltStrike BOF rules and a little fix on the local rule test script usage text
|
2021-08-05 15:42:47 +02:00 |
|
phantinuss
|
2866a1dbdc
|
fix: change howto to match current state of code
|
2021-07-28 15:13:55 +02:00 |
|
frack113
|
6b076d4360
|
Add test_optional_author
|
2021-07-27 19:14:00 +02:00 |
|