diff --git a/Makefile b/Makefile
index 097c8a8a3..88f7e370b 100644
--- a/Makefile
+++ b/Makefile
@@ -2,6 +2,7 @@
 ### detection-rules #################
+APP_NAME := detection-rules
 VENV := ./env/detection-rules-build
 VENV_BIN := $(VENV)/bin
 PYTHON := $(VENV_BIN)/python
@@ -26,7 +27,7 @@ deps: $(VENV)
 $(PIP) install lib/kql
 .PHONY: hunting-deps
-deps: $(VENV)
+hunting-deps: $(VENV)
 @echo "Installing all dependencies..."
 $(PIP) install .[hunting]
@@ -58,13 +59,13 @@ test-remote-cli: $(VENV) deps
 @./detection_rules/etc/test_remote_cli.bash
 .PHONY: test-hunting-cli
-test-remote-cli: $(VENV) hunting-deps
+test-hunting-cli: $(VENV) hunting-deps
 @echo "Executing test_hunting_cli script..."
 @./detection_rules/etc/test_hunting_cli.bash
 .PHONY: release
 release: deps
-@echo "RELEASE: $(app_name)"
+@echo "RELEASE: $(APP_NAME)"
 $(PYTHON) -m detection_rules dev build-release --generate-navigator
 rm -rf dist
 mkdir dist
diff --git a/detection_rules/etc/test_hunting_cli.bash b/detection_rules/etc/test_hunting_cli.bash
index 834ea6238..bb7d7a765 100755
--- a/detection_rules/etc/test_hunting_cli.bash
+++ b/detection_rules/etc/test_hunting_cli.bash
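Review bot: The `$(PIP) install .[hunting]` line that the renamed `hunting-deps` target now runs is an unquoted shell glob: `[hunting]` is a character class, so a matching two-character entry in the working directory (a file named `.h`, say) would make bash expand it and pip would install that path instead of the extra. Quote the spec, `$(PIP) install '.[hunting]'`. The `hunting-deps` rule ends inside the hunk, but any other extras install elsewhere in the Makefile is outside my view.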
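Review bot: The `$(app_name)` → `$(APP_NAME)` fix in the `release` recipe repairs a failure nothing reported: an undefined Make variable expands to an empty string, so the old line printed `RELEASE: ` and the typo went unnoticed. To have the next one fail at parse time, add `MAKEFLAGS += --warn-undefined-variables` to the prologue at the top of the Makefile (outside this hunk). The `test-remote-cli` → `test-hunting-cli` rename in the same hunk also matters beyond the name: with two `test-remote-cli:` rules GNU Make takes the last recipe as an override, so `make test-remote-cli` would have run the hunting script instead of the remote one. The `release` recipe continues past the end of the hunk.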
@@ -15,11 +15,11 @@ echo "Refreshing index"
 python -m hunting refresh-index
 echo "Generating Markdown: initial_access_higher_than_average_failed_authentication.toml"
-python -m hunting generate-markdown /Users/tdejesus/code/src/detection-rules/hunting/okta/queries/initial_access_higher_than_average_failed_authentication.toml
+python -m hunting generate-markdown hunting/okta/queries/initial_access_higher_than_average_failed_authentication.toml
 echo "Running Query: low_volume_external_network_connections_from_process.toml"
 echo "Requires .detection-rules-cfg.json credentials file set."
-python -m hunting run-query --file-path /Users/tdejesus/code/src/detection-rules/hunting/linux/queries/low_volume_external_network_connections_from_process.toml --all
+python -m hunting run-query --file-path hunting/linux/queries/low_volume_external_network_connections_from_process.toml --all
 echo "Viewing Hunt: 12526f14-5e35-4f5f-884c-96c6a353a544"
 python -m hunting view-hunt --uuid 12526f14-5e35-4f5f-884c-96c6a353a544 --format json
diff --git a/hunting/markdown.py b/hunting/markdown.py
index 9a139e8f8..19c0c5799 100644
--- a/hunting/markdown.py
+++ b/hunting/markdown.py
@@ -93,7 +93,7 @@ class MarkdownGenerator:
 entry = {
 'name': hunt_config.name,
-'path': f"./{toml_path.relative_to(self.base_path).as_posix()}",
+'path': f"./{toml_path.resolve().relative_to(self.base_path).as_posix()}",
 'mitre': hunt_config.mitre
 }
diff --git a/pyproject.toml b/pyproject.toml
index c3241b51d..010820e79 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,6 +1,6 @@
 [project]
 name = "detection_rules"
-version = "1.2.14"
+version = "1.2.15"
 description = "Detection Rules is the home for rules used by Elastic Security. This repository is used for the development, maintenance, testing, validation, and release of rules for Elastic Security’s Detection Engine."
 readme = "README.md"
 requires-python = ">=3.12"
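Review bot: The new relative paths (`hunting/okta/queries/...` and `hunting/linux/queries/...`) only resolve when the script runs with the repository root as its working directory; `make test-hunting-cli` invokes it that way, but running `./detection_rules/etc/test_hunting_cli.bash` from any other directory now fails with a file-not-found. Anchoring on the script's own location removes the dependency on the caller's cwd: `cd "$(dirname "$0")/../.." || exit 1` near the top of the script, or a `REPO_ROOT` variable prefixed to both paths. The first fourteen lines of the script are outside the hunk, so if the head already changes directory this is moot.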
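Review bot: `toml_path.resolve().relative_to(self.base_path)` resolves only one side of the comparison: if `self.base_path` is itself relative, or reaches the repository through a symlink, the resolved `toml_path` will not start with it and `relative_to` raises `ValueError`, which appears to be the very failure the change is meant to avoid. Resolve both sides, `toml_path.resolve().relative_to(self.base_path.resolve())`, or resolve `base_path` once where it is assigned. The enclosing method starts and ends outside the hunk, and the assignment of `base_path` is not visible here.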