Justin Ibarra
3fc34b86f2
Update License to Elastic v2 (#944)
2021-03-03 22:12:11 -09:00
Justin Ibarra
0ed1e1df71
Add support to validate against dev ECS and beats schemas (#691)
2020-12-08 13:29:56 -09:00
Brent Murphy
6a296c64c5
[New Rule] Microsoft 365 Exchange DKIM Signing Configuration Disabled (#578)
* [New Rule] O365 Exchange DKIM Signing Configuration Disabled
* rebrand to m365
* still req non ecs schema
* Remove the ECS override
* Update _flatten_schema logic
* Allow fields with * in the path
* Allow explicit fields to overwrite implicit * fields
Co-authored-by: Ross Wolf <31489089+rw-access@users.noreply.github.com>
2020-12-08 16:38:00 -05:00
Justin Ibarra
97ee8cc9ac
Refresh beats and ecs schemas and default to use latest to validate (#570)
* Refresh beats and ecs schemas and default to use latest to validate
* remove incorrect ecs_version from zoom rule
* remove stale ecs_version from rules
2020-12-01 13:24:20 -09:00
Ross Wolf
9d22970e21
Add EQL rules and schema validation (#297)
* Add EQL rules and schema validation
* Lint nitpick
* Rename get_schema_from_eql
* Add EQL default language
* Rename parsed_kql to parsed_query
* Fix parsed_kql method call in loader
* Autopopulate dependent values
2020-09-16 08:36:48 -06:00
Ross Wolf
db4f50d4b8
Improve the validation and testing time (#61)
* Improve the validation and testing time
* Lint fix
* Cache schema validation
2020-07-15 08:05:55 -06:00
Andrew Pease
e0f2e8b4a9
Add dataset and index to network rules (#15)
* Add dataset and index to network rules
* Restore iptables changes
* Fix beats parsing logic
* Updated date and ECS version
* Only update modules if empty
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>
Co-authored-by: Ross Wolf <31489089+rw-access@users.noreply.github.com>
2020-07-08 13:19:35 -06:00
Ross Wolf
3b305d3003
Add rule loader and dependencies
Co-Authored-By: Justin Ibarra <brokensound77@users.noreply.github.com>
2020-06-29 23:17:42 -06:00