sigma-rules

security-tools/sigma-rules

Fork 0

Commit Graph

Author	SHA1	Message	Date
eric-forte-elastic	6449cecd08	[FR] Add support for building block rules (BBR) (#2822 ) * added test bbr * initial implementation * Added Unit test and exempted bbr from integrations * fixed linting * Add schema validation to building block rules * add separate error messages * fixed linting * Add testing bbr validation * fixed linting * Add default values * fixed linting * added defaults * fixed linting * cleaned up test rule * removed .gitkeep * read .gitkeep * Switch to using validates_schema * addressing some linting * fixed linting * Update detection_rules/schemas/definitions.py Co-authored-by: Justin Ibarra <16747370+brokensound77@users.noreply.github.com> * add env variable check * fix skip function * updated name * Update detection_rules/schemas/definitions.py Co-authored-by: Justin Ibarra <16747370+brokensound77@users.noreply.github.com> * Add bbr validation unit test * Clean up comments * fix linting * Move convert time to utils * Moved to rules_building_block * Add check for only bbr in bbr dir * fix linting * additional linting fix * Changed to bbr rule loader * fixed bbr default * Updated error messages and README * fixed more linting * Updating root level README * Fixed convert_time_span calls * fixed typo in unit test logic and updated txt * fixed error message * updated comment for clarity * Update detection_rules/rule.py Co-authored-by: Justin Ibarra <16747370+brokensound77@users.noreply.github.com> * Update detection_rules/rule.py Co-authored-by: Justin Ibarra <16747370+brokensound77@users.noreply.github.com> * Updated validation methods for clarity * fix doctring location * Fixed typo * updated error messages. * removed excess whitespace * Add per rule bypass * Add single rule bypass * Split unit tests * Update detection_rules/rule.py Co-authored-by: Mika Ayenson <Mikaayenson@users.noreply.github.com> * Update detection_rules/rule.py Co-authored-by: Mika Ayenson <Mikaayenson@users.noreply.github.com> --------- Co-authored-by: Justin Ibarra <16747370+brokensound77@users.noreply.github.com> Co-authored-by: Mika Ayenson <Mikaayenson@users.noreply.github.com>	2023-06-20 09:00:30 -04:00

Author

SHA1

Message

Date

eric-forte-elastic

6449cecd08

[FR] Add support for building block rules (BBR) (#2822 )

* added test bbr

* initial implementation

* Added Unit test and exempted bbr from integrations

* fixed linting

* Add schema validation to building block rules

* add separate error messages

* fixed linting

* Add testing bbr validation

* fixed linting

* Add default values

* fixed linting

* added defaults

* fixed linting

* cleaned up test rule

* removed .gitkeep

* read .gitkeep

* Switch to using validates_schema

* addressing some linting

* fixed linting

* Update detection_rules/schemas/definitions.py

Co-authored-by: Justin Ibarra <16747370+brokensound77@users.noreply.github.com>

* add env variable check

* fix skip function

* updated name

* Update detection_rules/schemas/definitions.py

Co-authored-by: Justin Ibarra <16747370+brokensound77@users.noreply.github.com>

* Add bbr validation unit test

* Clean up comments

* fix linting

* Move convert time to utils

* Moved to rules_building_block

* Add check for only bbr in bbr dir

* fix linting

* additional linting fix

* Changed to bbr rule loader

* fixed bbr default

* Updated error messages and README

* fixed more linting

* Updating root level README

* Fixed convert_time_span calls

* fixed typo in unit test logic and updated txt

* fixed error message

* updated comment for clarity

* Update detection_rules/rule.py

Co-authored-by: Justin Ibarra <16747370+brokensound77@users.noreply.github.com>

* Update detection_rules/rule.py

Co-authored-by: Justin Ibarra <16747370+brokensound77@users.noreply.github.com>

* Updated validation methods for clarity

* fix doctring location

* Fixed typo

* updated error messages.

* removed excess whitespace

* Add per rule bypass

* Add single rule bypass

* Split unit tests

* Update detection_rules/rule.py

Co-authored-by: Mika Ayenson <Mikaayenson@users.noreply.github.com>

* Update detection_rules/rule.py

Co-authored-by: Mika Ayenson <Mikaayenson@users.noreply.github.com>

---------

Co-authored-by: Justin Ibarra <16747370+brokensound77@users.noreply.github.com>
Co-authored-by: Mika Ayenson <Mikaayenson@users.noreply.github.com>

2023-06-20 09:00:30 -04:00

1 Commits