security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
cacdd7e71739dadf5a78daa5198835c8d4381a81
sigma-rules/tests
T
History
Justin Ibarra cacdd7e717 [New hunts] 50 ES|QL Windows Hunt Queries (#3642) 
* [New Hunt] Initial add of Windows hunt queries

* Add markdown files

* Added license to schema and md generation

* add hunt index; minor tweaks to script

* minor tweaks from feedback

Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>
Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>
Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>

* Update hunting/macos/queries/suspicious_network_connections_by_unsigned_macho.toml

Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>

* convert integrations to list

* Update script to generate integration links

* validate generated integrations links

* Update hunting/windows/docs/execution_via_remote_services_by_client_address.md

* Update hunting/windows/queries/execution_via_network_logon_by_occurrence_frequency_by_top_source_ip.toml

* Update hunting/windows/queries/execution_via_remote_services_by_client_address.toml

* Update hunting/windows/docs/execution_via_network_logon_by_occurrence_frequency_by_top_source_ip.md

* Update hunting/windows/queries/execution_via_network_logon_by_occurrence_frequency.toml

* Update hunting/windows/docs/execution_via_network_logon_by_occurrence_frequency.md

* update docs with naming information

* Create suspicious_base64_encoded_powershell_commands.toml

* Create scheduled_task_creation_by_action_via_registry.toml

* Create suspicious_base64_encoded_powershell_commands.md

* Create scheduled_task_creation_by_action_via_registry.md

* Update index.md

---------

Co-authored-by: brokensound77 <brokensound77@users.noreply.github.com>
Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>
Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>

(cherry picked from commit 48e85439e0)
2024-06-12 16:12:25 +00:00
..
data
[FR] Add Support for ES|QL Rule Type and Remote Validation (#3281)
2023-12-08 19:52:16 +00:00
kuery
[Bug] KQL fails validation on uppercase keywords (#3568)
2024-04-04 22:10:57 +00:00
__init__.py
[FR] Add host family to data path (#2839)
2023-06-12 16:03:33 -04:00
base.py
[FR] Add support for building block rules (BBR) (#2822)
2023-06-20 09:00:30 -04:00
test_all_rules.py
[New Rule] Suspicious File Modification (#3746)
2024-06-11 11:06:39 +00:00
test_gh_workflows.py
[Bug] Fix test_matrix_to_lock_version_defaults test (#2014)
2022-06-02 16:34:54 -08:00
test_hunt_data.py
[New hunts] 50 ES|QL Windows Hunt Queries (#3642)
2024-06-12 16:12:25 +00:00
test_mappings.py
react_sync_rta_updates_3575 (#3762)
2024-06-06 18:45:36 +00:00
test_packages.py
[FR] Normalize yml ext to yaml (#3675)
2024-05-15 20:27:01 +00:00
test_python_library.py
[Bug] Query validation failing to capture InSet edge case with ip field types (#3572)
2024-05-06 12:07:00 +00:00
test_rules_remote.py
[FR] Add Support for ES|QL Rule Type and Remote Validation (#3281)
2023-12-08 19:52:16 +00:00
test_schemas.py
[FR] Adapt PyPi semver Library and Remove Custom (#2503)
2023-02-07 14:26:29 -05:00
test_specific_rules.py
[Bug] Fix test_os_and_platform_in_query test and rules (#3695)
2024-05-20 15:51:28 +00:00
test_toml_formatter.py
Test to trigger workflows (#1612)
2021-11-15 10:02:31 -09:00
test_transform_fields.py
Make call to TOMLRuleContents.to_dict from TOMLRuleContents.to_api_format (#2742)
2023-04-25 12:33:43 -04:00
test_utils.py
Update License to Elastic v2 (#944)
2021-03-03 22:12:11 -09:00
test_version_locking.py
[Bug] Removed Strip Calls in Favor of F-Strings with Major and Minor Versions (#2541)
2023-02-10 13:18:53 -05:00