security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[DaC] Beta Release (#3889)

Browse Source 
Co-authored-by: Justin Ibarra <16747370+brokensound77@users.noreply.github.com>
Co-authored-by: brokensound77 <brokensound77@users.noreply.github.com>
Co-authored-by: Mika Ayenson <Mikaayenson@users.noreply.github.com>
Co-authored-by: Mika Ayenson <mika.ayenson@elastic.co>
This commit is contained in:
Eric Forte
2024-08-06 18:07:12 -04:00
committed by GitHub
parent f9717e71bb
commit 47d7a3acaa
48 changed files with 2957 additions and 359 deletions
Download Patch File Download Diff File Expand all files Collapse all files
docs/developing.md
+12 -1
View File
@@ -33,10 +33,21 @@ relativeFrom = "now-48h/h"
relativeTo = "now"
```
Other transform suppoprt can be found under
Other transform support can be found under
`python -m detection-rules dev transforms -h`
#### Testing bypasses with environment variables
Using the environment variable `DR_BYPASS_NOTE_VALIDATION_AND_PARSE` will bypass the Detection Rules validation on the `note` field in toml files.
Using the environment variable `DR_BYPASS_BBR_LOOKBACK_VALIDATION` will bypass the Detection Rules lookback and interval validation
on the building block rules.
Using the environment variable `DR_BYPASS_TAGS_VALIDATION` will bypass the Detection Rules Unit Tests on the `tags` field in toml files.
Using the environment variable `DR_BYPASS_TIMELINE_TEMPLATE_VALIDATION` will bypass the timeline template id and title validation for rules.
## Using the `RuleResource` methods built on detections `_bulk_action` APIs