48baf1187b
update: File Enumeration Via Dir Command - Update logic to use a wildcard in addition, for better accuracy. chore: update multiple rules to use the windash modifier --------- Co-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>
82 lines
3.5 KiB
YAML
validators:
    - all_of_them_condition
    - attacktag
    - cartag
    - control_character
    - custom_attributes
    - cvetag
    - dangling_detection
    - date_existence
    - description_existence
    - description_length
    - detection_tag
    - double_wildcard
    - duplicate_filename
    - duplicate_references
    - duplicate_tag
    - duplicate_title
    - escaped_wildcard
    - filename_lengh
    - filename_sigmahq
    - identifier_existence
    - identifier_uniqueness
    - level_existence
    - number_as_string
    - status_existence
    - status_unsupported
    - stptag
    - them_condition_with_single_detection
    - tlptag
    - wildcards_instead_of_modifiers

exclusions:
    # escaped_wildcard
    021310d9-30a6-480a-84b7-eaa69aeb92bb: escaped_wildcard
    1114e048-b69c-4f41-bc20-657245ae6e3f: escaped_wildcard
    204b17ae-4007-471b-917b-b917b315c5db: escaped_wildcard
    214e8f95-100a-4e04-bb31-ef6cba8ce07e: escaped_wildcard
    220457c1-1c9f-4c2e-afe6-9598926222c1: escaped_wildcard
    252902e3-5830-4cf6-bf21-c22083dfd5cf: escaped_wildcard
    2d3cdeec-c0db-45b4-aa86-082f7eb75701: escaped_wildcard
    304810ed-8853-437f-9e36-c4975c3dfd7e: escaped_wildcard
    31d68132-4038-47c7-8f8e-635a39a7c174: escaped_wildcard
    32d56ea1-417f-44ff-822b-882873f5f43b: escaped_wildcard
    4281cb20-2994-4580-aa63-c8b86d019934: escaped_wildcard
    434c08ba-8406-4d15-8b24-782cb071a691: escaped_wildcard
    435e10e4-992a-4281-96f3-38b11106adde: escaped_wildcard
    52d8b0c6-53d6-439a-9e41-52ad442ad9ad: escaped_wildcard
    586a8d6b-6bfe-4ad9-9d78-888cd2fe50c3: escaped_wildcard
    7857f021-007f-4928-8b2c-7aedbe64bb82: escaped_wildcard
    7dc2dedd-7603-461a-bc13-15803d132355: escaped_wildcard
    8fe1c584-ee61-444b-be21-e9054b229694: escaped_wildcard
    904e8e61-8edf-4350-b59c-b905fc8e810c: escaped_wildcard
    9637e8a5-7131-4f7f-bdc7-2b05d8670c43: escaped_wildcard
    a36ce77e-30db-4ea0-8795-644d7af5dfb4: escaped_wildcard
    a4824fca-976f-4964-b334-0621379e84c4: escaped_wildcard
    a8f29a7b-b137-4446-80a0-b804272f3da2: escaped_wildcard
    afe52666-401e-4a02-b4ff-5d128990b8cb: escaped_wildcard
    c2993223-6da8-4b1a-88ee-668b8bf315e9: escaped_wildcard
    c37510b8-2107-4b78-aa32-72f251e7a844: escaped_wildcard
    c462f537-a1e3-41a6-b5fc-b2c2cef9bf82: escaped_wildcard
    c73124a7-3e89-44a3-bdc1-25fe4df754b1: escaped_wildcard
    f3f21ce1-cdef-4bfc-8328-ed2e826f5fac: escaped_wildcard
    d84c0ded-edd7-4123-80ed-348bb3ccc4d5: escaped_wildcard
    db885529-903f-4c5d-9864-28fe199e6370: escaped_wildcard
    dd218fb6-4d02-42dc-85f0-a0a376072efd: escaped_wildcard
    dde85b37-40cd-4a94-b00c-0b8794f956b5: escaped_wildcard
    e06ac91d-b9e6-443d-8e5b-af749e7aa6b6: escaped_wildcard
    f57f8d16-1f39-4dcb-a604-6c73d9b54b3d: escaped_wildcard
    f6de6525-4509-495a-8a82-1f8b0ed73a00: escaped_wildcard
    fb502828-2db0-438e-93e6-801c7548686d: escaped_wildcard
    59e938ff-0d6d-4dc3-b13f-36cc28734d4e: escaped_wildcard
    2e7bbd54-2f26-476e-b4a1-ba5f1a012614: escaped_wildcard
    7c9340a9-e2ee-4e43-94c5-c54ebbea1006: escaped_wildcard
    # number_as_string
    5c84856b-55a5-45f1-826f-13f37250cf4e: number_as_string
    85b88e05-dadc-430b-8a9e-53ff1cd30aae: number_as_string
    # specific_instead_of_generic_logsource
    693a44e9-7f26-4cb6-b787-214867672d3a: specific_instead_of_generic_logsource
    23b71bc5-953e-4971-be4c-c896cda73fc2: specific_instead_of_generic_logsource
    8ac03a65-6c84-4116-acad-dc1558ff7a77: specific_instead_of_generic_logsource
    c3e5c1b1-45e9-4632-b242-27939c170239: specific_instead_of_generic_logsource