Remove OSQuery/Investigate Plugin disclaimer enforcement (#5921)

* Remove OSQuery/Investigate Plugin disclaimer enforcement

* Update pyproject.toml
Jonhnathan
2026-04-06 10:53:00 -03:00
committed by GitHub
parent 48128c1c66
commit c78c6363b0
2 changed files with 2 additions and 35 deletions
+1 -1
@@ -1,6 +1,6 @@
[project] [project]
name = "detection_rules" name = "detection_rules"
version = "1.6.11" version = "1.6.12"
description = "Detection Rules is the home for rules used by Elastic Security. This repository is used for the development, maintenance, testing, validation, and release of rules for Elastic Securitys Detection Engine." description = "Detection Rules is the home for rules used by Elastic Security. This repository is used for the development, maintenance, testing, validation, and release of rules for Elastic Securitys Detection Engine."
readme = "README.md" readme = "README.md"
requires-python = ">=3.12" requires-python = ">=3.12"
+1 -34
@@ -1440,40 +1440,7 @@ class TestInvestigationGuide(BaseRuleTest):
class TestNoteMarkdownPlugins(BaseRuleTest): class TestNoteMarkdownPlugins(BaseRuleTest):
"""Test if a guide containing Osquery Plugin syntax contains the version note.""" """Test investigation guide markdown plugin syntax and placeholders."""
def test_note_has_osquery_warning(self):
"""Test that all rules with osquery entries have the default notification of stack compatibility."""
osquery_note_pattern = (
"> **Note**:\n> This investigation guide uses the [Osquery Markdown Plugin]"
"(https://www.elastic.co/guide/en/security/current/invest-guide-run-osquery.html) "
"introduced in Elastic Stack version 8.5.0. Older Elastic Stack versions will display "
"unrendered Markdown in this guide."
)
invest_note_pattern = (
"> This investigation guide uses the [Investigate Markdown Plugin]"
"(https://www.elastic.co/guide/en/security/current/interactive-investigation-guides.html)"
" introduced in Elastic Stack version 8.8.0. Older Elastic Stack versions will display "
"unrendered Markdown in this guide."
)
for rule in self.all_rules:
if not rule.contents.get("transform"):
continue
osquery = rule.contents.transform.get("osquery")
if osquery and osquery_note_pattern not in rule.contents.data.note:
self.fail(
f"{self.rule_str(rule)} Investigation guides using the Osquery Markdown must contain "
f"the following note:\n{osquery_note_pattern}"
)
investigate = rule.contents.transform.get("investigate")
if investigate and invest_note_pattern not in rule.contents.data.note:
self.fail(
f"{self.rule_str(rule)} Investigation guides using the Investigate Markdown must contain "
f"the following note:\n{invest_note_pattern}"
)
def test_plugin_placeholders_match_entries(self): def test_plugin_placeholders_match_entries(self):
"""Test that the number of plugin entries match their respective placeholders in note.""" """Test that the number of plugin entries match their respective placeholders in note."""
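Review bot: Dropping `test_note_has_osquery_warning` leaves nothing in the visible part of this class that ties use of the `osquery`/`investigate` transforms to a stack version, and neither the hunk nor the commit description says why the 8.5.0/8.8.0 disclaimers are no longer needed. If rules can still ship to stacks older than those versions (not visible here), analysts would see unrendered plugin Markdown in the investigation guide with no warning. Once the assumption is confirmed, consider recording it in the class docstring, for example `"""Test investigation guide markdown plugin syntax and placeholders; version disclaimers are not enforced because all supported stacks render these plugins."""`. The class body continues outside the hunk.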