security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,248 Commits 1 Branch 0 Tags
aa8239652ddb93ecd90d81ea3b2ed17dabd17623
Commit Graph

6 Commits

Author SHA1 Message Date
Mika Ayenson aa8239652d [FR] Add endgame schema validation to detection-rule query (#2257) 2022-10-19 09:54:47 -04:00
Mika Ayenson c76a397969 Add new required_fields as a build-time restricted field (#2059) 
* Add new `require_field` restricted field
* validate new fields against BaseRuleData schema and global constant

Co-authored-by: Terrance DeJesus <terrance.dejesus@elastic.co>
Co-authored-by: brokensound77 <brokensound77@users.noreply.github.com>
 2022-07-06 11:49:44 -04:00
Mika Ayenson 1f015ebe85 1554 update eql schemas to fail validation on text fields (#1866) 
* Ensure kql2eql conversion doesnt support `text` fields

* Add unit test cases for`text` not supported in eql

* test `field not recognized` in the rule_validator and output a verbose message.

* use elasticsearch_type_family to lookup text mappings

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>
 2022-03-23 16:22:26 -04:00
Justin Ibarra 2e78da5c9a Prepare for creation of 8.1 branch (#1700) 2022-01-25 18:11:59 -09:00
Justin Ibarra 781953a0a0 Add min_stack_version to rule metadata (#1173) 
* Add min_stack_version to metadata of rule structure
* validate all "stack versions" between defined and current package
* Use master schemas if min_stack_version > current_package

Co-authored-by: Ross Wolf <31489089+rw-access@users.noreply.github.com>
 2021-06-30 13:26:27 -08:00
Ross Wolf 8789dd7c90 Separate out query validation from the class hierarchy (#1136) 
* Separate out query validation from the class hierarchy
* Rename to *RuleData for consistency
* Apply suggestions from code review
* Fix lint error
 2021-04-21 14:55:26 -06:00