security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity
Files
6449cecd0839f1c4489c943552ab686f63d403ed
sigma-rules/tests
T
History
eric-forte-elastic 6449cecd08 [FR] Add support for building block rules (BBR) (#2822) 
* added test bbr

* initial implementation

* Added Unit test and exempted bbr from integrations

* fixed linting

* Add schema validation to building block rules

* add separate error messages

* fixed linting

* Add testing bbr validation

* fixed linting

* Add default values

* fixed linting

* added defaults

* fixed linting

* cleaned up test rule

* removed .gitkeep

* read .gitkeep

* Switch to using validates_schema

* addressing some linting

* fixed linting

* Update detection_rules/schemas/definitions.py

Co-authored-by: Justin Ibarra <16747370+brokensound77@users.noreply.github.com>

* add env variable check

* fix skip function

* updated name

* Update detection_rules/schemas/definitions.py

Co-authored-by: Justin Ibarra <16747370+brokensound77@users.noreply.github.com>

* Add bbr validation unit test

* Clean up comments

* fix linting

* Move convert time to utils

* Moved to rules_building_block

* Add check for only bbr in bbr dir

* fix linting

* additional linting fix

* Changed to bbr rule loader

* fixed bbr default

* Updated error messages and README

* fixed more linting

* Updating root level README

* Fixed convert_time_span calls

* fixed typo in unit test logic and updated txt

* fixed error message

* updated comment for clarity

* Update detection_rules/rule.py

Co-authored-by: Justin Ibarra <16747370+brokensound77@users.noreply.github.com>

* Update detection_rules/rule.py

Co-authored-by: Justin Ibarra <16747370+brokensound77@users.noreply.github.com>

* Updated validation methods for clarity

* fix doctring location

* Fixed typo

* updated error messages.

* removed excess whitespace

* Add per rule bypass

* Add single rule bypass

* Split unit tests

* Update detection_rules/rule.py

Co-authored-by: Mika Ayenson <Mikaayenson@users.noreply.github.com>

* Update detection_rules/rule.py

Co-authored-by: Mika Ayenson <Mikaayenson@users.noreply.github.com>

---------

Co-authored-by: Justin Ibarra <16747370+brokensound77@users.noreply.github.com>
Co-authored-by: Mika Ayenson <Mikaayenson@users.noreply.github.com>
2023-06-20 09:00:30 -04:00
..
kuery
[eql2kql] fix wildcard bug (#1507)
2022-04-21 23:44:39 -04:00
__init__.py
[FR] Add host family to data path (#2839)
2023-06-12 16:03:33 -04:00
base.py
[FR] Add support for building block rules (BBR) (#2822)
2023-06-20 09:00:30 -04:00
test_all_rules.py
[FR] Add support for building block rules (BBR) (#2822)
2023-06-20 09:00:30 -04:00
test_gh_workflows.py
[Bug] Fix test_matrix_to_lock_version_defaults test (#2014)
2022-06-02 16:34:54 -08:00
test_mappings.py
Release ER Production RTAs to DR (#2270)
2022-09-08 12:50:39 -04:00
test_packages.py
Move etc under detection_rules (#1885)
2022-05-02 10:11:21 -04:00
test_schemas.py
[FR] Adapt PyPi semver Library and Remove Custom (#2503)
2023-02-07 14:26:29 -05:00
test_toml_formatter.py
Test to trigger workflows (#1612)
2021-11-15 10:02:31 -09:00
test_transform_fields.py
Make call to TOMLRuleContents.to_dict from TOMLRuleContents.to_api_format (#2742)
2023-04-25 12:33:43 -04:00
test_utils.py
Update License to Elastic v2 (#944)
2021-03-03 22:12:11 -09:00
test_version_locking.py
[Bug] Removed Strip Calls in Favor of F-Strings with Major and Minor Versions (#2541)
2023-02-10 13:18:53 -05:00