security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
281926052cb47e02597f0e993fde6bcfcf2c119b
sigma-rules/detection_rules
T
History
Terrance DeJesus 281926052c [Rule Tuning] Add METADATA checks for non-aggregate ES|QL queries and fix existing (#4126) 
* fixed existing rules;added query checks

* fixed flake errors

* added re.DOTALL to regex pattern, adjusted pattern slightly; reverted some rules

* removed valueError and replaced ValidationError

* adjusted validation error output based on feedback

* Update rules/integrations/aws/persistence_iam_user_created_access_keys_for_another_user.toml

Co-authored-by: Isai <59296946+imays11@users.noreply.github.com>

* Update rules/integrations/aws/persistence_iam_user_created_access_keys_for_another_user.toml

Co-authored-by: Isai <59296946+imays11@users.noreply.github.com>

* added space for failure

* updated to use re.compile

---------

Co-authored-by: Isai <59296946+imays11@users.noreply.github.com>
2024-10-09 15:25:36 -04:00
..
etc
[Hunting] Re-factor Hunting Library Code (#4085)
2024-10-03 12:47:40 -04:00
schemas
[Tuning] Add logs-panw.panos index to Network rules (#4089)
2024-09-19 08:01:44 +01:00
__init__.py
[DaC] Beta Release (#3889)
2024-08-06 18:07:12 -04:00
__main__.py
[FR] Update utility path computation to use pathlib (#3699)
2024-05-23 17:36:51 -04:00
action_connector.py
[DaC] Beta Release (#3889)
2024-08-06 18:07:12 -04:00
action.py
[DaC] Beta Release (#3889)
2024-08-06 18:07:12 -04:00
attack.py
[FR] Update utility path computation to use pathlib (#3699)
2024-05-23 17:36:51 -04:00
beats.py
[DaC] Beta Release (#3889)
2024-08-06 18:07:12 -04:00
cli_utils.py
[FR] Add Alert Suppression for Addtional Rule Types (#3986)
2024-08-15 15:03:45 -05:00
config.py
[FR] Add Better Error Handling for CUSTOM_RULES_DIR (#3990)
2024-08-28 10:30:45 -04:00
custom_rules.py
[DaC] Beta Release (#3889)
2024-08-06 18:07:12 -04:00
custom_schemas.py
[FR] [DAC] Add Support for Known Types to Auto-generated Schemas (#3985)
2024-08-28 10:48:00 -04:00
devtools.py
Add flag to update the docs/ATT&CK-coverage.md with markdown URL(s) (#4077)
2024-09-19 23:12:01 +05:30
docs.py
Skip Development Rules from Security Docs (#4073)
2024-09-13 19:57:00 +05:30
ecs.py
[FR] [DAC] Add Support for Known Types to Auto-generated Schemas (#3985)
2024-08-28 10:48:00 -04:00
endgame.py
[FR] Update utility path computation to use pathlib (#3699)
2024-05-23 17:36:51 -04:00
eswrap.py
[DaC] Beta Release (#3889)
2024-08-06 18:07:12 -04:00
exception.py
[DaC] Beta Release (#3889)
2024-08-06 18:07:12 -04:00
generic_loader.py
[DaC] Beta Release (#3889)
2024-08-06 18:07:12 -04:00
ghwrap.py
Update package and install process (#1948)
2022-12-08 15:49:49 -05:00
integrations.py
[Bug] Add historical Rules as Default when Build Package (#4003)
2024-08-21 18:00:02 -04:00
kbwrap.py
[Bug] [DAC] Fix Kibana action connector export to export details with action connectors (#3984)
2024-08-13 14:28:17 -04:00
main.py
Update import rules to repo help text. (#4013)
2024-08-26 10:20:32 -04:00
mappings.py
[FR] Update utility path computation to use pathlib (#3699)
2024-05-23 17:36:51 -04:00
misc.py
[DaC] Beta Release (#3889)
2024-08-06 18:07:12 -04:00
mixins.py
[DaC] Beta Release (#3889)
2024-08-06 18:07:12 -04:00
ml.py
[FR] Update utility path computation to use pathlib (#3699)
2024-05-23 17:36:51 -04:00
navigator.py
[DaC] Beta Release (#3889)
2024-08-06 18:07:12 -04:00
packaging.py
[Bug] Add historical Rules as Default when Build Package (#4003)
2024-08-21 18:00:02 -04:00
remote_validation.py
[DaC] Beta Release (#3889)
2024-08-06 18:07:12 -04:00
rule_formatter.py
[Bug] Handle formatting empty list (#4086)
2024-09-17 13:25:17 -05:00
rule_loader.py
[DaC] Beta Release (#3889)
2024-08-06 18:07:12 -04:00
rule_validators.py
[FR] [DAC] Add Support for Known Types to Auto-generated Schemas (#3985)
2024-08-28 10:48:00 -04:00
rule.py
[Rule Tuning] Add METADATA checks for non-aggregate ES|QL queries and fix existing (#4126)
2024-10-09 15:25:36 -04:00
utils.py
[DaC] Beta Release (#3889)
2024-08-06 18:07:12 -04:00
version_lock.py
[DaC] Beta Release (#3889)
2024-08-06 18:07:12 -04:00