valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-08 02:08:54 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
6,027 Commits 20 Branches 25 Tags 21 MiB
48757423ef
Commit Graph

51 Commits

Author SHA1 Message Date
mat
b3e36281b5 fix reference field + add test for references in plural form 2020-11-27 10:17:45 +01:00
Florian Roth
d3ee1aba66 docs: MITRE ATT&CK(R) trademark references removed or adjusted 
https://github.com/Neo23x0/sigma/issues/1028
 2020-09-30 08:53:52 +02:00
Florian Roth
8970d03f6f
Merge pull request #952 from Neo23x0/devel 
feat: Detect duplicate rule tags
 2020-07-28 10:21:59 +02:00
Florian Roth
051e2ce905 feat: detect duplicate tags 2020-07-27 11:37:58 +02:00
Ryan Plas
de53a08746 Merge branch 'master' of github.com:Neo23x0/sigma 2020-07-15 10:27:33 -04:00
Florian Roth
71e66ea9ba refactor: tests use live data from MITRE's TAXI service 2020-07-14 17:54:02 +02:00
Florian Roth
cf25b9c509 feat: filename test 2020-07-14 12:33:16 +02:00
Florian Roth
495376df77 refactor: references test without warnings for missing refs 2020-07-14 12:33:02 +02:00
Florian Roth
bae979f5c7 refactor: ignore sub techniques as long as we do not have a complete list 2020-07-14 11:56:28 +02:00
Ryan Plas
9eb5d8da4d Add logsource attribute rule test 2020-07-13 17:02:28 -04:00
Florian Roth
b3e15eea68 fix: nested check 2020-07-13 18:49:00 +02:00
Florian Roth
91c0bea570 fix: typo and reordered 2020-07-13 18:22:47 +02:00
Florian Roth
758f5039b5 fix: no error on rules without references 2020-07-13 18:16:32 +02:00
Florian Roth
8d91659c2a fix: typo in field value 2020-07-13 18:08:00 +02:00
Florian Roth
4c610ec693 feat: test references is list 2020-07-13 18:07:19 +02:00
Florian Roth
87ce5e5745 fix: missing MITRE ATT&CK IDs in test 2020-07-13 16:02:22 +02:00
Florian Roth
ab40cdbbd7 fix: missing ATT&CK id 2020-07-01 09:57:35 +02:00
Florian Roth
912ad94771 fix: missing ATT&CK id in tests 2020-06-19 10:00:44 +02:00
Ivan Kirillov
69760f6446 Added subtechniques to MITRE_TECHNIQUES 2020-06-17 11:51:48 -06:00
ecco
327a53c120 add new test for sysmon rules without eventid 2020-05-23 10:25:37 -04:00
ecco
2b89e56054 fix test 2020-05-23 10:03:13 -04:00
Florian Roth
0e1ff440db fix: updated MITRE tags in test 2020-03-25 14:04:22 +01:00
Thomas Patzke
373424f145 Rule fixes 
Made tests pass the new CI tests. Added further allowed lower case words
in rule test.
 2020-02-20 23:00:16 +01:00
Thomas Patzke
d7bd90cb24 Merge branch 'master' into oscd 2020-02-03 23:13:16 +01:00
Thomas Patzke
815c562a17 Merge branch 'master' into oscd 2020-02-02 13:40:08 +01:00
Florian Roth
9876623710 doc: helpful link in error message 2020-02-01 15:43:11 +01:00
Florian Roth
1735614747 feat: rule title tests 2020-01-30 17:26:21 +01:00
Florian Roth
43af93a678 feat: detect missing date 2020-01-30 16:08:34 +01:00
Florian Roth
14e7b17eb9 feat: detect missing id 2020-01-30 16:08:24 +01:00
Florian Roth
93e1299010 style: PEP8 in test_rules.py 2020-01-30 16:08:10 +01:00
Florian Roth
f84b3abf2d fix: missing commas in list 2020-01-30 08:56:13 +01:00
Florian Roth
aa5ce18abc feat: support of new MITRE ATT&CK tags 2020-01-30 08:55:44 +01:00
Florian Roth
7bf472834b feat: colorized error messages 2020-01-30 08:50:22 +01:00
Florian Roth
9d96b7c1a3 fix: print_error function not global 2020-01-30 08:39:58 +01:00
Florian Roth
fe6c30fa59 feat: colorized output in test 2020-01-30 08:37:47 +01:00
Florian Roth
5e59bbb3c3
Added MITRE ATT&CK Technique T1482 
https://attack.mitre.org/techniques/T1482/
 2019-12-28 16:02:26 +01:00
Thomas Patzke
397b3b8cc6 Updated rule test MITRE ATT&CK identifiers 2019-12-17 01:13:06 +01:00
Florian Roth
2cf6e16024 fix: missing new MITRE tactics category in tests 2019-11-14 23:31:38 +01:00
Thomas Patzke
238adf9eea Improved rule test 
* Added ATT&CK technique
* Removed invalid tags
 2019-11-08 22:03:19 +01:00
Thomas Patzke
59a6a0c523 Added ATT&CK technique to rule test 2019-08-25 10:13:11 +02:00
Thomas Patzke
87abd20c0f Removed deprecated PyYAML API from rule test 2019-04-22 23:21:08 +02:00
Florian Roth
d0950bd077 fix: yaml.load() issue 
https://github.com/yaml/pyyaml/wiki/PyYAML-yaml.load(input)-Deprecation
 2019-04-21 20:30:31 +02:00
Tareq AlKhatib
7f4557d183 Enabled check for process_creation 2019-03-09 21:00:11 +03:00
Tareq AlKhatib
c3b079990a Properly end anchored the regex 2019-03-09 19:23:50 +03:00
Tareq AlKhatib
be2ca8dc4d Added checks for Sysmon 1 or EID 4688 instead of process_creation 2019-03-02 20:51:49 +03:00
Tareq AlKhatib
ae62acf3d2 Added a test for duplicate filters and a test for Source: Eventlog 2019-02-18 21:05:58 +03:00
Tareq AlKhatib
97b28f4308 Added a test for unnecessary use of '1 of them' in condition 2019-02-13 21:27:27 +03:00
Tareq AlKhatib
cd2af196e3 Corrected path to rules 2019-01-25 12:25:51 +03:00
Tareq AlKhatib
96220e776f Added a test to check for duplicate filters in rules 2019-01-25 12:22:28 +03:00
Thomas Patzke
3c7f46a6cd Added rule test to CI testing 2019-01-23 23:31:36 +01:00