065bcd8018
Refresh ATT&CK data to v7.2 and expand threat validation ( #330 )
...
* refresh to latest ATT&CK 7.2
* add new unit test to further validate threat mappings
* updated threat mappings in rules to reflect changes
* new func to download and refresh mitre data based on version
2020-09-23 22:03:29 -08:00
6ad3344af3
Collect unique query fields per rule ( #296 )
2020-09-23 14:36:34 -08:00
b8e0c379c5
Update packages.yml
2020-09-02 14:10:46 -05:00
aec3ec31b9
Merge branch '7.9' into main
2020-08-27 15:54:44 -08:00
4ffdc46ba7
Lock rule versions ( #207 )
2020-08-27 17:47:29 -05:00
79a0dfefbe
Add ECS 1.6.0 schema for validation testing ( #220 )
...
* Add ecs 1.6.0 and refresh master ecs (2.0.0)
* update rule metadata to use ecs_version 1.6.0
2020-08-27 11:54:49 -05:00
9b70383898
Refresh ecs master and add beats v7.8.1 schemas ( #156 )
2020-08-17 12:33:20 -05:00
69a5b7e409
Lock versions for 7.9 release
2020-08-04 13:35:14 -06:00
db4f50d4b8
Improve the validation and testing time ( #61 )
...
* Improve the validation and testing time
* Lint fix
* Cache schema validation
2020-07-15 08:05:55 -06:00
a2a0b2bf0c
[New Rule] AWS EC2 Snapshot Activity
...
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
Co-authored-by: David French <56409778+threat-punter@users.noreply.github.com >
2020-07-07 15:10:06 -06:00
e2d97b0a74
Remove unreachable and legacy code
...
Co-Authored-By: Justin Ibarra <brokensound77@users.noreply.github.com >
2020-06-30 10:12:23 -06:00
3b305d3003
Add rule loader and dependencies
...
Co-Authored-By: Justin Ibarra <brokensound77@users.noreply.github.com >
2020-06-29 23:17:42 -06:00
Justin Ibarra