security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Incorrect Integration Index Check (#3794)

Browse Source 
(cherry picked from commit 675cad2ed4)
This commit is contained in:
shashank-elastic
2024-06-21 18:29:39 +05:30
committed by github-actions[bot]
parent 24358ceb79
commit c83a5a614b
1 changed files with 6 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
tests/test_all_rules.py
+6 -2
View File
@@ -679,15 +679,19 @@ class TestRuleMetadata(BaseRuleTest):
failures.append(err_msg)
# checks if an index pattern exists if the package integration tag exists
# and is of pattern logs-{integration}*
integration_string = "|".join(indices)
if not re.search(rule_integration, integration_string):
if not re.search(f"logs-{rule_integration}*", integration_string):
if rule_integration == "windows" and re.search("winlog", integration_string) or \
any(ri in [*map(str.lower, definitions.MACHINE_LEARNING_PACKAGES)]
for ri in rule_integrations):
continue
elif rule_integration == "apm" and \
re.search("apm-*-transaction*|traces-apm*", integration_string):
continue
elif rule.contents.data.type == 'threat_match':
continue
err_msg = f'{self.rule_str(rule)} {rule_integration} tag, index pattern missing.'
err_msg = f'{self.rule_str(rule)} {rule_integration} tag, index pattern missing or incorrect.'
failures.append(err_msg)
# checks if event.dataset exists in query object and a tag exists in metadata