6ad3344af3
Collect unique query fields per rule ( #296 )
2020-09-23 14:36:34 -08:00
453553f685
Change the way we get environment variables ( #280 )
...
* Change the way we get environment variables
* Change environ to getenv
* Read from envvar, then config file
* Switch to get_path
* Lint: Remove unused import
* Add --cloud-id/--elasticsearch-url
* Fix comment copy-pasta
2020-09-16 10:23:22 -06:00
9d22970e21
Add EQL rules and schema validation ( #297 )
...
* Add EQL rules and schema validation
* Lint nitpick
* Rename get_schema_from_eql
* Add EQL default language
* Rename parsed_kql to parsed_query
* Fix parsed_kql method call in loader
* Autopopulate dependent values
2020-09-16 08:36:48 -06:00
6b7ea7e66c
Fix kibana-diff command ( #198 )
2020-09-02 12:19:17 -05:00
0455307577
Downgrade rule version before uploading to Kibana ( #97 )
...
* Downgrade version before uploading to Kibana
* Update downgrade exception format
* Update s/siem/detection
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
2020-07-28 11:03:47 -06:00
16fb306254
Add command to upload to kibana ( #58 )
...
* Add upload command to kibana
* Restore skipped fields
* Change prefix to DR_
* Add note to manage_versions call
* Reorder requirements.txt to trigger build
2020-07-20 15:58:28 -06:00
119c98f05f
Package kibana index file with release rules ( #40 )
2020-07-08 18:58:00 -05:00
3b305d3003
Add rule loader and dependencies
...
Co-Authored-By: Justin Ibarra <brokensound77@users.noreply.github.com >
2020-06-29 23:17:42 -06:00
Justin Ibarra