50e23ba242
* updating python code for hunting library * fixed okta queries; added MITRE search capability * fixed hunting unit test imports * fixed duplicate UUID; fixed duplicate index entry bug * fixed technique finding sub-technique in search * added more unit tests * linted * flake errors addressed; fixed unit test import; fixed markdown generate bug * added description for generate-markdown command * updated README * adjusted YAML index, adjusted code for index changes * adjusted relative imports; updated CODEOWNERS * adding updates; moving to different branch for main dependencies * finished run-query command; made some code adjustments * removed some comments * revised makefile; fixed unit tests; adjusted detection rules pyproject * updated README * updated README * adjusted unit tests; adjusted hunt guidelines; updated makefile; adjusted several commands * adjusted package to be more object-oriented * removed unused variable * Add simple breakdown stats * addressed feedback; added keyword option for search * Update hunting/README.md Co-authored-by: Mika Ayenson <Mikaayenson@users.noreply.github.com> * Update detection_rules/etc/test_hunting_cli.bash Co-authored-by: Eric Forte <119343520+eric-forte-elastic@users.noreply.github.com> * addressing feedback * addressed feedback * added message for unknown index; fixed function call * fixed search command * fixed flake error --------- Co-authored-by: Mika Ayenson <Mika.ayenson@elastic.co> Co-authored-by: Mika Ayenson <Mikaayenson@users.noreply.github.com> Co-authored-by: Eric Forte <119343520+eric-forte-elastic@users.noreply.github.com>
---
- "documentation":
- "./**/*.md"
- "schema":
- "detection_rules/beats.py"
- "detection_rules/etc/beats_schemas/**/*"
- "detection_rules/ecs.py"
- "detection_rules/etc/ecs_schemas/**/*"
- "detection_rules/etc/api_schemas/**/*"
- "detection_rules/schemas/**/*"
- "python":
- "detection_rules/**/*.py"
- "kibana/**/*.py"
- "kql/**/*.py"
- "RTA":
- "rta/**/*"
- "Hunting":
- "hunting/**/*"
# rules
- "bbr":
- "rules_building_block/*.toml"
- "Domain: Cloud":
- "rules/integrations/aws/**/*.toml"
- "rules/integrations/azure/**/*.toml"
- "rules/integrations/cyberarkpas/**/*.toml"
- "rules/integrations/gcp/**/*.toml"
- "rules/integrations/google_workspace/**/*.toml"
- "rules/integrations/o365/**/*.toml"
- "rules/integrations/okta/**/*.toml"
- "Domain: Endpoint":
- "rules/windows/**/*.toml"
- "rules/linux/**/*.toml"
- "rules/macos/**/*.toml"
- "ML":
- "rules/ml/**/*.toml"
- "rules/**/ml_*.toml"
- "OS: Linux":
- "rules/linux/**/*.toml"
- "OS: macOS":
- "rules/macos/**/*.toml"
- "OS: Windows":
- "rules/windows/**/*.toml"
- "Integration: AWS":
- "rules/integrations/aws/**/*.toml"
- "Integration: Azure":
- "rules/integrations/azure/**/*.toml"
- "Integration: Crowdstrike":
- "rules/integrations/crowdstrike/**/*.toml"
- "Integration: CyberArkPas":
- "rules/integrations/cyberarkpas/**/*.toml"
- "Integration: Endpoint":
- "rules/integrations/endpoint/**/*.toml"
- "Integration: GCP":
- "rules/integrations/gcp/**/*.toml"
- "Integration: Google Workspace":
- "rules/integrations/google_workspace/**/*.toml"
- "Integration: Microsoft 365":
- "rules/integrations/o365/**/*.toml"
- "Integration: Okta":
- "rules/integrations/okta/**/*.toml"
- "Rule: Deprecation":
- "rules/_deprecated/**/*"