sigma-rules/detection_rules/etc/test_hunting_cli.bash
Terrance DeJesus 50e23ba242 [Hunting] Re-factor Hunting Library Code (#4085)
* updating python code for hunting library

* fixed okta queries; added MITRE search capability

* fixed hunting unit test imports

* fixed duplicate UUID; fixed duplicate index entry bug

* fixed technique finding sub-technique in search

* added more unit tests

* linted

* flake errors addressed; fixed unit test import; fixed markdown generate bug

* added description for generate-markdown command

* updated README

* adjusted YAML index, adjusted code for index changes

* adjusted relative imports; updated CODEOWNERS

* adding updates; moving to different branch for main dependencies

* finished run-query command; made some code adjustments

* removed some comments

* revised makefile; fixed unit tests; adjusted detection rules pyproject

* updated README

* updated README

* adjusted unit tests; adjusted hunt guidelines; updated makefile; adjusted several commands

* adjusted package to be more object-oriented

* removed unused variable

* Add simple breakdown stats

* addressed feedback; added keyword option for search

* Update hunting/README.md

Co-authored-by: Mika Ayenson <Mikaayenson@users.noreply.github.com>

* Update detection_rules/etc/test_hunting_cli.bash

Co-authored-by: Eric Forte <119343520+eric-forte-elastic@users.noreply.github.com>

* addressing feedback

* addressed feedback

* added message for unknown index; fixed function call

* fixed search command

* fixed flake error

---------

Co-authored-by: Mika Ayenson <Mika.ayenson@elastic.co>
Co-authored-by: Mika Ayenson <Mikaayenson@users.noreply.github.com>
Co-authored-by: Eric Forte <119343520+eric-forte-elastic@users.noreply.github.com>
2024-10-03 12:47:40 -04:00


#!/bin/bash
# Smoke test for the `python -m hunting` CLI: exercises each sub-command once
# so a refactor that breaks one of them shows up here. Run it from the
# repository root; the paths below are relative to it.

# Path to the virtual environment
VENV_PATH="./env/detection-rules-build"
# Activate the virtual environment
source "$VENV_PATH/bin/activate"

# Hunt files exercised below, relative to the repository root (the committed
# version pointed at an absolute path in the author's own checkout).
OKTA_HUNT="hunting/okta/queries/initial_access_higher_than_average_failed_authentication.toml"
LINUX_HUNT="hunting/linux/queries/low_volume_external_network_connections_from_process.toml"

echo "Running hunting CLI tests..."

# Search by MITRE sub-technique, narrowed to one data source
echo "Searching: Search for T1078.004 subtechnique in AWS data source"
python -m hunting search --sub-technique T1078.004 --data-source aws

# Rebuild the YAML index of hunts from the TOML files
echo "Refreshing index"
python -m hunting refresh-index

# Render one hunt's TOML to Markdown
echo "Generating Markdown: $(basename "$OKTA_HUNT")"
python -m hunting generate-markdown "$OKTA_HUNT"

# Execute every query in a hunt against the configured stack
echo "Running Query: $(basename "$LINUX_HUNT")"
echo "Requires .detection-rules-cfg.json credentials file set."
python -m hunting run-query --file-path "$LINUX_HUNT" --all

# Look up a single hunt by UUID and print it as JSON
echo "Viewing Hunt: 12526f14-5e35-4f5f-884c-96c6a353a544"
python -m hunting view-hunt --uuid 12526f14-5e35-4f5f-884c-96c6a353a544 --format json

# Breakdown statistics over the whole index
echo "Generating summary of hunts by integration"
python -m hunting hunt-summary --breakdown integration
echo "Generating summary of hunts by platform"
python -m hunting hunt-summary --breakdown platform
echo "Generating summary of hunts by language"
python -m hunting hunt-summary --breakdown language
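The commit message above names three behaviours the refactor had to get right: a technique search that also finds its sub-techniques, an index build that rejects duplicate UUIDs instead of silently overwriting an entry, and a hunt-summary breakdown by integration, platform or language. The Python below is an added illustration of those three behaviours and is not the detection-rules hunting package's own code; the hunt field names (`uuid`, `mitre`, `integration`, `platform`, `language`) and the sample hunts are assumptions constructed for the example.

```python
"""Illustrative (hypothetical) re-implementation of three behaviours from the
commit message: sub-technique-aware MITRE search, duplicate-UUID rejection
when the index is built, and hunt-summary breakdowns. Not the hunting
package's own code."""
from collections import Counter
from typing import Dict, Iterable, List, Optional

Hunt = Dict[str, object]

# Constructed sample hunts shaped like the [hunt] table of a hunting TOML
# file. Field names are assumptions; UUIDs and names are made up.
SAMPLE_HUNTS: List[Hunt] = [
    {
        "uuid": "00000000-0000-4000-8000-000000000001",
        "name": "Higher than average failed authentication",
        "platform": "okta",
        "integration": ["okta"],
        "language": ["ES|QL"],
        "mitre": ["T1078", "T1110.001"],
    },
    {
        "uuid": "00000000-0000-4000-8000-000000000002",
        "name": "Unusual console login from new region",
        "platform": "aws",
        "integration": ["aws"],
        "language": ["ES|QL"],
        "mitre": ["T1078.004"],
    },
    {
        "uuid": "00000000-0000-4000-8000-000000000003",
        "name": "Low volume external network connections from process",
        "platform": "linux",
        "integration": ["endpoint"],
        "language": ["ES|QL", "SQL"],
        "mitre": ["T1071"],
    },
]


def build_index(hunts: Iterable[Hunt]) -> Dict[str, Hunt]:
    """Key hunts by UUID. A repeated UUID is an error, not a silent overwrite
    (the bug the commit message calls 'duplicate index entry')."""
    index: Dict[str, Hunt] = {}
    for hunt in hunts:
        uuid = str(hunt["uuid"])
        if uuid in index:
            raise ValueError(
                f"duplicate hunt uuid {uuid}: "
                f"{index[uuid]['name']!r} and {hunt['name']!r}"
            )
        index[uuid] = hunt
    return index


def technique_matches(query: str, technique: str) -> bool:
    """A parent technique matches itself and its sub-techniques
    (T1078 -> T1078, T1078.004); a sub-technique matches only itself.
    Requiring the '.' separator keeps T1078 from matching T10780."""
    query, technique = query.upper(), technique.upper()
    return technique == query or technique.startswith(query + ".")


def search(
    index: Dict[str, Hunt],
    technique: Optional[str] = None,
    data_source: Optional[str] = None,
    keyword: Optional[str] = None,
) -> List[str]:
    """Return sorted UUIDs of hunts matching every filter that was given."""
    hits: List[str] = []
    for uuid, hunt in index.items():
        mitre = [str(t) for t in hunt["mitre"]]
        integrations = [str(i).lower() for i in hunt["integration"]]
        if technique and not any(technique_matches(technique, t) for t in mitre):
            continue
        if data_source and data_source.lower() not in integrations:
            continue
        if keyword and keyword.lower() not in str(hunt["name"]).lower():
            continue
        hits.append(uuid)
    return sorted(hits)


def hunt_summary(index: Dict[str, Hunt], breakdown: str) -> Dict[str, int]:
    """Count hunts per value of one field; list-valued fields count once per
    entry, so a hunt with two languages contributes to both."""
    if breakdown not in ("integration", "platform", "language"):
        raise ValueError(f"unknown breakdown {breakdown!r}")
    counts: Counter = Counter()
    for hunt in index.values():
        value = hunt[breakdown]
        counts.update(value if isinstance(value, list) else [value])
    return dict(counts)


if __name__ == "__main__":
    idx = build_index(SAMPLE_HUNTS)
    print("T1078 (incl. sub-techniques):", search(idx, technique="T1078"))
    print("T1078.004 in aws:", search(idx, technique="T1078.004", data_source="aws"))
    print("by language:", hunt_summary(idx, "language"))
```

The search mirrors the CLI's `--sub-technique`/`--data-source`/keyword filters conceptually, but note that matching a parent technique by prefix plus `.` is the detail that decides whether `T1078` finds `T1078.004` without also catching an unrelated `T10780`.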