security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
5eccaf0cd5d80b25ea5089ef8002299458e4a2dc
sigma-rules/detection_rules
T
History
Justin Ibarra 7759fa2500 Ensure EQL rules with maxspan have a long enough lookback window (#1361) 
* Add the following properties to EQLRuleData:
   - max_span
   - look_back
   - interval_ratio

* Add the following tests:
   - test_eql_lookback
   - test_eql_interval_to_maxspan

Co-authored-by: Ross Wolf <31489089+rw-access@users.noreply.github.com>
2021-07-22 13:53:13 -08:00
..
schemas
Update cardinality field in schema for threshold rules (#1349)
2021-07-21 08:32:54 -08:00
__init__.py
Refactor experimental ML CLI and code (#1218)
2021-06-02 20:37:12 -08:00
__main__.py
Move Rule into a dataclass (#1029)
2021-03-24 10:24:32 -06:00
attack.py
Update License to Elastic v2 (#944)
2021-03-03 22:12:11 -09:00
beats.py
Add min_stack_version to rule metadata (#1173)
2021-06-30 13:26:27 -08:00
cli_utils.py
Add min_stack_version to rule metadata (#1173)
2021-06-30 13:26:27 -08:00
devtools.py
[CI] Publish to integrations from on-demand job (#1340)
2021-07-14 16:19:41 -06:00
docs.py
Move Rule into a dataclass (#1029)
2021-03-24 10:24:32 -06:00
ecs.py
Add min_stack_version to rule metadata (#1173)
2021-06-30 13:26:27 -08:00
eswrap.py
Refactor experimental ML CLI and code (#1218)
2021-06-02 20:37:12 -08:00
ghwrap.py
Refactor experimental ML CLI and code (#1218)
2021-06-02 20:37:12 -08:00
kbwrap.py
Add a RuleCollection object instead of a "loader" module (#1063)
2021-04-05 14:23:37 -06:00
main.py
[Fleet] Track integrations in folder and metadata (#1372)
2021-07-21 15:24:56 -06:00
mappings.py
Add a RuleCollection object instead of a "loader" module (#1063)
2021-04-05 14:23:37 -06:00
misc.py
Refactor experimental ML CLI and code (#1218)
2021-06-02 20:37:12 -08:00
mixins.py
Add optional integration field to the schema (#1359)
2021-07-19 12:52:44 -06:00
ml.py
Refactor experimental ML CLI and code (#1218)
2021-06-02 20:37:12 -08:00
packaging.py
[CI] Publish to integrations from on-demand job (#1340)
2021-07-14 16:19:41 -06:00
rule_formatter.py
Update cardinality field in schema for threshold rules (#1349)
2021-07-21 08:32:54 -08:00
rule_loader.py
Add command to unstage incompatible rules from git (#1317)
2021-07-08 13:44:04 -06:00
rule_validators.py
Add min_stack_version to rule metadata (#1173)
2021-06-30 13:26:27 -08:00
rule.py
Ensure EQL rules with maxspan have a long enough lookback window (#1361)
2021-07-22 13:53:13 -08:00
semver.py
Generate an integrations package from a release (#983)
2021-03-09 13:30:12 -09:00
utils.py
[CI] Publish to integrations from on-demand job (#1340)
2021-07-14 16:19:41 -06:00