security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
198 Commits 1 Branch 0 Tags
a679207413bed5ca2e0809fa2eb3e735a58fd4a5
Commit Graph

5 Commits

Author SHA1 Message Date
Justin Ibarra 065bcd8018 Refresh ATT&CK data to v7.2 and expand threat validation (#330) 
* refresh to latest ATT&CK 7.2
* add new unit test to further validate threat mappings
* updated threat mappings in rules to reflect changes
* new func to download and refresh mitre data based on version
 2020-09-23 22:03:29 -08:00
Ross Wolf 9d22970e21 Add EQL rules and schema validation (#297) 
* Add EQL rules and schema validation
* Lint nitpick
* Rename get_schema_from_eql
* Add EQL default language
* Rename parsed_kql to parsed_query
* Fix parsed_kql method call in loader
* Autopopulate dependent values
 2020-09-16 08:36:48 -06:00
Ross Wolf a99b7c96fe Merge branch '7.9' into main 2020-08-03 14:03:15 -06:00
Ross Wolf 0455307577 Downgrade rule version before uploading to Kibana (#97) 
* Downgrade version before uploading to Kibana
* Update downgrade exception format
* Update s/siem/detection

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>
 2020-07-28 11:03:47 -06:00
Ross Wolf d15da0ada1 Add versioned schemas with a downgrade path (#84) 
* Add versioned schemas with a downgrade path
* Remove and move unused variables
* Add missing license
* Skip NotField for output_index
* Add strip_additional_properties for kibana import
* Remove stray comment
* Apply suggestions from code review

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>
 2020-07-23 11:39:35 -06:00