* Move etc directory under detection_rules
* Prepend original `etc` path with `detection_rules`
* Update docstrings in util and CODEOWNERS
* Add resiliency to tags to account for the old directory structure
* Bug fix: remove unused param caused by commit 6ed1a39efe
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>
* Generate attack layer files and build with package
* add update-navigator-gists command
* add workflow to update navigator gists on pushes to main
* Add coverage readme
* fix keys for links
* update navigator layer names
* purge gist files prior to update; add badge
* Update how the navigator links are displayed
* moved navigator code to dedicated and refactored to dataclasses
* convert gist links to permalink versions
* alphabetize; catch 404 for gist update
* Adding beaconing docs
* Adding a call out about import options
* Adding a note about the AD job
* Adding more clarity on the release bundle
* Update beaconing.md
* Update docs/experimental-machine-learning/beaconing.md
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>
Co-authored-by: Jonhnathan <jonhnathancesar@gmail.com>
* create new cli commands
* add kibana object to create_dnstwist_rule
* Adding code for index-dnstwist-results
* Changed es to es_client
* Tested. it works!
* flake8-ed
* Adding timestamps
* use eql.utils.load_dump to load json file
* rename data to dnstwist_data
* start working on create-dnstwist-rule command
* add print statements for user
* tweak formatting for line length
* add template threat match rule file
* continue working on threat match rule creation
* create rule using TomlRuleContents
* save rule to toml file
* Moving rule creation to eswrap.py
* Moving create dnstwist rule stuff to eswrap
* Fixed imports
* flake8 fixes
* More flake8 fixes
* fix usage of @add_client('kibana')
* use ctx.invoke to upload rule
* cleanup record assembly and use bulk api
* swap order of notes in `note` for sample rule
* small modifications
* move command to root click group
* remove unused click group
* Update detection_rules/main.py
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>
* remove rule upload and convert template to ndjson
* Adding docs for typosquatting rule
* renaming the file
* Adding a note
* separate index and rule prep commands
* Final changes
Co-authored-by: Apoorva <appujo@gmail.com>
Co-authored-by: brokensound77 <brokensound77@users.noreply.github.com>
Co-authored-by: Apoorva Joshi <30438249+ajosh0504@users.noreply.github.com>
* move github and ml to their own files
* refactor release and ml commands
* update ML readmes
* add unzip_to_dict function
* prompt for model ID in remove-model
* update experimental rule upload process
* update remove-scripts-pipelines to take multiple options
Co-authored-by: Ross Wolf <31489089+rw-access@users.noreply.github.com>
Co-authored-by: Apoorva <appujo@gmail.com>
* Add commands to generate index rules files or index them directly to elasticsearch
* files generated at package creation
* add readme explaining these index files
shashank-elastic