security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
90c79a8283f85b06d6b7033636f6305808fa0ec7
sigma-rules/tests
T
History
Jonhnathan 90c79a8283 [Proposal] Break Threat Intel Indicator Match rules into Indicator-type rules (#2777) 
* [Proposal] [DRAFT] Break Threat Intel Indicator Match rules into Indicator-type rules

* .

* Update threat_intel_indicator_match_hash.toml

* Update to include expiring rules, exclude expiring indexes

* .

* Apply suggestions from code review

* Push changes

* Update pyproject.toml

* Revert "Update pyproject.toml"

This reverts commit 17cfafbd96f337df756d87909d2478545ac9efe7.

* Update pyproject.toml

* Update integration-schemas.json.gz

* Revert "Update integration-schemas.json.gz"

This reverts commit 7dc19b7ccbf41f34b94d02b0ed702bd83df82f9d.

* Revert integrations-manifests to the one from main

* Fix maturity

* Update Name

* Update ignore_ids with the indicator rules guid

* Update rules/cross-platform/threat_intel_indicator_match_registry_expiring.toml

* Update rules/cross-platform/threat_intel_indicator_match_address_expiring.toml

* Update rules/cross-platform/threat_intel_indicator_match_hash_expiring.toml

* Update rules/cross-platform/threat_intel_indicator_match_url_expiring.toml

* Make changes to use labels

* Update non-ecs-schema.json

* Update rules/cross-platform/threat_intel_fleet_integrations.toml

* Apply suggestions from code review

* Backport to 8.5

* Fix Rule threat filters, add tags, and compatibility with process and dll fields for hash indicators

* Update threat_intel_indicator_match_hash.toml

* Update threat_intel_indicator_match_url.toml

* Update threat_intel_indicator_match_url.toml

---------

Co-authored-by: Colson Wilhoit <48036388+DefSecSentinel@users.noreply.github.com>
Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
2023-06-28 10:22:24 -03:00
..
kuery
[eql2kql] fix wildcard bug (#1507)
2022-04-21 23:44:39 -04:00
__init__.py
[FR] Add host family to data path (#2839)
2023-06-12 16:03:33 -04:00
base.py
[FR] Add support for building block rules (BBR) (#2822)
2023-06-20 09:00:30 -04:00
test_all_rules.py
[Proposal] Break Threat Intel Indicator Match rules into Indicator-type rules (#2777)
2023-06-28 10:22:24 -03:00
test_gh_workflows.py
[Bug] Fix test_matrix_to_lock_version_defaults test (#2014)
2022-06-02 16:34:54 -08:00
test_mappings.py
Release ER Production RTAs to DR (#2270)
2022-09-08 12:50:39 -04:00
test_packages.py
Move etc under detection_rules (#1885)
2022-05-02 10:11:21 -04:00
test_schemas.py
[FR] Adapt PyPi semver Library and Remove Custom (#2503)
2023-02-07 14:26:29 -05:00
test_toml_formatter.py
Test to trigger workflows (#1612)
2021-11-15 10:02:31 -09:00
test_transform_fields.py
Make call to TOMLRuleContents.to_dict from TOMLRuleContents.to_api_format (#2742)
2023-04-25 12:33:43 -04:00
test_utils.py
Update License to Elastic v2 (#944)
2021-03-03 22:12:11 -09:00
test_version_locking.py
[Bug] Removed Strip Calls in Favor of F-Strings with Major and Minor Versions (#2541)
2023-02-10 13:18:53 -05:00