security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3,278 Commits 1 Branch 0 Tags
b0d3d7d960f759897fdb45ea5d7ddbbfbbf029d1
Commit Graph

17 Commits

Author SHA1 Message Date
Eric Forte bf3071d3d1 [FR] Add white space checking for KQL parse (#3789) 
* Add whitespace checking for KQL parse

* Add unit test for blank space check

* Bump patch version

* Add test cases for newline blank space

* Add additional unit tests

* Update to only walk tree once

---------

Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
 2025-07-31 14:23:53 -04:00
Eric Forte 03f977246f [FR] Updates to KQL Lib Parsing and Install (#3605) 
* Bump Version

* updated

* Bump patch version

* Optimization should only occur on single values

* Wildcard semantically equivalent to query_string*

* Add unit test for optimization

* Move code-checks to yml

* Add tests path to code-checks

* Add lib path for code-checks

* Install deps from local

* Update DSL optimization unit test

---------

Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
 2025-07-10 15:03:08 -04:00
Eric Forte 5b3dac0a14 [FR] Add Ability to Filter Rule Exports from Kibana (#4783) 
* Add ability to filter on custom rules and filter exports
 2025-06-09 12:21:15 -04:00
Frederik Berg 6cb238bedb [Enhancement] Add flag to export rules via KQL search on name (#4594) 
* Add flag to export rules via KQL search on name

* Add KQL to help text

Co-authored-by: Eric Forte <119343520+eric-forte-elastic@users.noreply.github.com>

* version patch bump

* flake8 trimming

* pyproject bump

* Bump version

---------

Co-authored-by: Mika Ayenson, PhD <Mikaayenson@users.noreply.github.com>
Co-authored-by: Eric Forte <119343520+eric-forte-elastic@users.noreply.github.com>
Co-authored-by: eric-forte-elastic <eric.forte@elastic.co>
 2025-04-16 18:40:46 -04:00
Sergey Polzunov 65170c394b fix: removing outdated code in Kibana client auth (#4495) 
* Simplify kibana session management

* Drop removed options from `kibana_args` set

* Style fix

* Patch version bump

* Bumping kibana lib version

* Relax CLI requirement, making `api_key` optional, to allow `help` to run
 2025-03-24 12:28:36 +01:00
Eric Forte 581ef73bc0 [FR] [DAC] Add id support (#4208) 2024-11-01 07:47:34 -04:00
Eric Forte 47d7a3acaa [DaC] Beta Release (#3889) 
Co-authored-by: Justin Ibarra <16747370+brokensound77@users.noreply.github.com>
Co-authored-by: brokensound77 <brokensound77@users.noreply.github.com>
Co-authored-by: Mika Ayenson <Mikaayenson@users.noreply.github.com>
Co-authored-by: Mika Ayenson <mika.ayenson@elastic.co>
 2024-08-06 18:07:12 -04:00
Justin Ibarra 361e97a256 [FR] Add API auth to Kibana module (#3815) 
* [FR] Add API auth to Kibana module

* update make file to properly install all deps

* Bump Kibana Version

---------

Co-authored-by: brokensound77 <brokensound77@users.noreply.github.com>
Co-authored-by: eric-forte-elastic <eric.forte@elastic.co>
Co-authored-by: Eric Forte <119343520+eric-forte-elastic@users.noreply.github.com>
 2024-07-11 17:19:41 -04:00
Mika Ayenson 43b3a4b080 [Bug] Support spaces with capital letters (#3689) 2024-05-17 09:04:43 -05:00
Justin Ibarra c567d3731a Refresh Kibana module with API updates (#3466) 
* Refresh Kibana module with API updates
* add import/export commands
* rename repo commands
* add RawRuleCollection and DictRule objects
* save exported rules to files; rule.from_rule_resource
* strip unknown fields in schema
* add remote cli test
* update docs
* bump kibana lib version

---------

Co-authored-by: brokensound77 <brokensound77@users.noreply.github.com>
 2024-04-26 11:12:50 -06:00
Eric Forte 114db81f07 Bump KQL Version in Init (#3597) 2024-04-15 11:06:16 -04:00
Eric Forte e6f48ade01 Bump KQL lib Version (#3575) 2024-04-05 13:38:54 -04:00
Eric Forte 1566c29bae [Bug] KQL fails validation on uppercase keywords (#3568) 
* add todo

* Add a normalize_kql_keywords function to utils

* update rule loader to normalize and warn

* optimized loading

* fix linting

* Moved conversion to kql module.

* Updated unit test

* Refactor KQL parser to normalize keywords via flag

* Fix logic typo

* Update detection_rules/utils.py

Co-authored-by: Justin Ibarra <16747370+brokensound77@users.noreply.github.com>

* Update lib/kql/kql/__init__.py

Co-authored-by: Justin Ibarra <16747370+brokensound77@users.noreply.github.com>

* Updated to fix unit tests and remove warnings

* linting typo

* Added comments

* remove unused imports

* Update kql.parse default

---------

Co-authored-by: Justin Ibarra <16747370+brokensound77@users.noreply.github.com>
Co-authored-by: Mika Ayenson <Mikaayenson@users.noreply.github.com>
 2024-04-04 18:03:30 -04:00
Mika Ayenson 5c3523954e [FR] Update Python Dependency Versions (#3515) 2024-03-19 14:07:16 -05:00
Mika Ayenson d26981f712 [FR] Independently package kql / kibana and bump to py3.12 (#3514) 2024-03-14 20:18:32 -05:00
Mika Ayenson 3d2a36be32 Revert "[FR] Independently package kql / kibana and bump to py3.12 (#3492)" 
This reverts commit fc139fc3c2.
 2024-03-14 19:48:50 -05:00
Mika Ayenson fc139fc3c2 [FR] Independently package kql / kibana and bump to py3.12 (#3492) 2024-03-14 19:14:25 -05:00