security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
14,235 Commits 1 Branch 57 Tags
bcce3a85aa43a936412fd32ffdfd41ea71ce1e02
Commit Graph

143 Commits

Author SHA1 Message Date
Hendrik Baecker 9985905f54 rule_tests: Rule directory relative to test_* file 2023-01-04 16:25:07 +01:00
Hendrik Baecker c998945b34 test-rules: use cti directory relative to test file 
This little change will use 'cti/' relative to the executing
test_*.py file and doesn't care if the testfile is executed
from sigma/ or sigma/tests/.
 2023-01-04 16:02:57 +01:00
Hendrik Baecker 3da07164ce test-rules: Execute get_mitre_data() as part of unittest 
Catching the data as part of the unittest class is more
IDE friendly cause they won't call __main__ but using the
test methods directly.
 2023-01-04 15:58:35 +01:00
Nasreddine Bencherchali 3bd12552bb feat: add bitlocker channel 2023-01-02 22:19:32 +01:00
frack113 014684ddcd add win_dns_analytic_ prefix 2023-01-02 12:16:09 +01:00
frack113 4a0b571598 add new test 2022-12-30 16:31:41 +01:00
Nasreddine Bencherchali 58f47b9875 fix: add known children appvlp 2022-12-30 10:24:25 +01:00
Nasreddine Bencherchali 964da01186 fix: test logic 2022-12-29 18:27:58 +01:00
Nasreddine Bencherchali c2e8283806 fix: add missing try/except 2022-12-29 17:30:26 +01:00
Nasreddine Bencherchali d0920f0931 fix: small error in deletion 2022-12-29 17:23:38 +01:00
Nasreddine Bencherchali e20cb470cc fix: enhance element deletion 
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
 2022-12-29 17:19:01 +01:00
Nasreddine Bencherchali 123202f112 feat: add file_access case in test 2022-12-29 15:30:57 +01:00
Nasreddine Bencherchali 03cc78e916 feat: filename test enhancements (#3812) 2022-12-23 09:25:16 +01:00
frack113 a27dc6c43a Check for issue 3724 2022-12-22 08:46:25 +01:00
frack113 44a25df15f Check for issue 3724 2022-12-22 08:41:37 +01:00
Florian Roth b157bef3de fix: link to correct issue 2022-12-21 08:59:24 +01:00
Nasreddine Bencherchali ba3e985bed feat: multiple update and enhancements 2022-12-19 17:41:40 +01:00
Nasreddine Bencherchali 972720d42c fix: apply code review suggestion 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2022-12-19 10:17:49 +01:00
Nasreddine Bencherchali 1ccee514e2 feat: add duplicate titles test 2022-12-18 20:55:32 +01:00
Nasreddine Bencherchali a0e8019780 fix: issue raised by PR #3769 2022-12-09 10:33:33 +01:00
Nasreddine Bencherchali fa318243c2 Merge branch 'SigmaHQ:master' into nasbench-rule-devel 2022-12-08 19:22:11 +01:00
Nasreddine Bencherchali c560baf673 feat: enhance test 2022-12-08 16:23:48 +01:00
Nasreddine Bencherchali 2506d29bc9 feat: add more checks for the test 2022-12-08 11:57:26 +01:00
Nasreddine Bencherchali 9a5a0fed20 feat: update test to include more cases 2022-12-07 22:21:05 +01:00
Nasreddine Bencherchali 0d3cb52266 feat: enhance typos test 2022-12-07 01:04:25 +01:00
Nasreddine Bencherchali e343d016e9 feat: change check to lower 2022-12-05 00:31:51 +01:00
Nasreddine Bencherchali 25c41ea73c fix: update error message 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2022-11-30 10:21:24 +01:00
Nasreddine Bencherchali c2e85f4080 feat: update the test to test for lowercase 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2022-11-30 10:06:10 +01:00
Nasreddine Bencherchali 18d974c751 feat: new test for references case 2022-11-29 23:29:38 +01:00
Nasreddine Bencherchali 1d7ee1cd19 feat: enhance duplicate test (#3736) 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2022-11-29 13:47:09 +01:00
Nasreddine Bencherchali 7804decd2d feat: add more clarification to the test (#3710) 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2022-11-18 11:15:50 +01:00
Nasreddine Bencherchali efe5babae5 fix: beautify regex 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2022-11-11 10:07:57 +01:00
Nasreddine Bencherchali f8e74858ae fix: add other letters 2022-11-11 09:49:53 +01:00
Nasreddine Bencherchali 8632b8ab17 fix: enhance mitre tag regex 2022-11-10 19:39:20 +01:00
phantinuss b44bced5ca enhance sigma rules tests 2022-10-21 17:29:34 +02:00
phantinuss b426785ba8 chore: new test for unknown value modifier 2022-10-11 16:25:03 +02:00
Tobias Michalski 0b93aea4d0 chore: Offline Tests 2022-08-12 14:19:08 +02:00
phantinuss 32169dbc33 chore: harmonization of generic 'nt system' user checks 
also a simple (non-commprehensive) test case to find
usages of localized user names
 2022-05-27 15:16:31 +02:00
Paul Hager 9b80dd990a added 'similar' related type 2022-05-24 09:51:48 +02:00
phantinuss 6f92a11c02 chore: test rules: check for all modifier with single item 2022-05-11 11:06:09 +02:00
phantinuss 112b715dd6 chore: test rules: reactivate single value list check 2022-05-10 17:13:04 +02:00
phantinuss 0b72aff084 chore: test rules: check title has no . in the end 2022-05-10 11:25:09 +02:00
phantinuss b4fdb13e8a chore: test rules: check for unused selections 2022-05-10 11:07:40 +02:00
phantinuss 654e9e9b9c fix: typo 2022-05-09 16:13:53 +02:00
phantinuss f6e893dde5 chore: test rules: check that title is given in the first line 2022-05-09 16:13:50 +02:00
phantinuss 3b556c728a fix: DeprecationWarning: invalid escape sequence '\.' 2022-05-09 16:08:00 +02:00
phantinuss ef3bc33288 fix: remove unneeded file read 2022-05-09 16:08:00 +02:00
phantinuss b991a5be52 chore: test rules: warn on errors or invalid FP reasons 
also adapted the existing rules to pass the tests
 2022-05-09 16:07:55 +02:00
phantinuss dbd68bf3f0 chore: test rules: capitalization on FP list entries 
Entires to the false positive list should begin with
a capital letter. e.g. Unkown instead of unkown.

Fixed the existing rules accordingly
 2022-05-09 16:07:44 +02:00
phantinuss 02fb704d9f chore: remove trailing whitespace 2022-05-09 10:23:38 +02:00