feat: ESQL query validation against Elastic cluster (#4955)

* Add remote ESQL validation
---------

Co-authored-by: Eric Forte <119343520+eric-forte-elastic@users.noreply.github.com>
Co-authored-by: eric-forte-elastic <eric.forte@elastic.co>
Co-authored-by: Mika Ayenson <mika.ayenson@elastic.co>
Co-authored-by: Mika Ayenson, PhD <Mikaayenson@users.noreply.github.com>
Sergey Polzunov
2025-10-15 21:17:07 +02:00
committed by GitHub
parent 00ed573623
commit c7246313f7
22 changed files with 1513 additions and 180 deletions
+7
@@ -37,6 +37,13 @@ jobs:
env:
# only run the test test_rule_change_has_updated_date on pull request events to main
GITHUB_EVENT_NAME: "${{ github.event_name}}"
# only run remote validation if repo is set to do so otherwise defer to .github/workflows/esql-validation.yml
DR_REMOTE_ESQL_VALIDATION: "${{ vars.remote_esql_validation }}"
DR_CLOUD_ID: ${{ secrets.dr_cloud_id }}
DR_KIBANA_URL: ${{ secrets.dr_cloud_id }}
DR_ELASTICSEARCH_URL: ${{ secrets.dr_cloud_id }}
DR_API_KEY: ${{ secrets.dr_api_key }}
DR_IGNORE_SSL_ERRORS: ${{ secrets.dr_cloud_id }}
run: |
python -m detection_rules test
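Review bot: `DR_KIBANA_URL`, `DR_ELASTICSEARCH_URL` and `DR_IGNORE_SSL_ERRORS` are all populated from `secrets.dr_cloud_id`, the same secret as `DR_CLOUD_ID`, which looks like a copy-paste slip rather than intent. The one that matters most is `DR_IGNORE_SSL_ERRORS`: if the consumer treats any non-empty string as true, certificate verification is switched off on the connection that carries `DR_API_KEY` whenever the cloud-id secret is set. I would drop that line so verification stays at its default, and give the two URL variables their own sources, e.g. `DR_KIBANA_URL: "${{ secrets.dr_kibana_url }}"` (the secret name is a placeholder; use whatever the repository defines). The five new `${{ secrets.* }}` values are also unquoted, unlike the two quoted expressions above them. The step this `env:` belongs to starts above the hunk, so whether the job also runs for fork pull requests, where secrets resolve to empty strings, is not visible here.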